CVE-2020-1147 — Vulnetix

CVE-2020-1147 PUBLISHED KEV CVSS 6.800000190734863 MEDIUM

Une vulnérabilité a été corrigée dans <span class="textit">Microsoft .Net</span>. Elle permet à un attaquant de provoquer une exécution de code à distance.

EPSS 93.43% · 99.8th percentile

Risk Scores

CVSS 2.0

6.800000190734863

EPSS Score

93.43%

99.8th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems	unspecified
microsoft	sharepoint_server	2019, 2010
Microsoft	Microsoft .NET Framework 4.8 on Windows Server 2016	unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)	unspecified
NuGet	Microsoft.NETCore.App.Runtime.linux-x64	3.1.0
Microsoft	Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)	*
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems	unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)	*
Microsoft	Microsoft .NET Framework 4.8 on Windows RT 8.1	unspecified
Microsoft	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)	unspecified
Microsoft	Microsoft .NET Framework 2.0	*, Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
NuGet	Microsoft.NETCore.App.Runtime.win-x86	3.1.0
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems	unspecified
NuGet	Microsoft.NETCore.App	2.1.0
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)	1903
Microsoft	Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows Server 2012	unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systems	unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems	unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems	unspecified

…and 67 more

Exploit Intelligence

http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html (nist-nvd)
http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html (nist-nvd)
http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html (nist-nvd)
https://www.exploitalert.com/view-details.html?id=35992 (nist-nvd)
CIRCL seen: CVE-2020-1147 (circl-sighting)
CIRCL seen: CVE-2020-1147 (circl-sighting)
CIRCL seen: CVE-2020-1147 (circl-sighting)
CIRCL seen: CVE-2020-1147 (circl-sighting)
CIRCL seen: CVE-2020-1147 (circl-sighting)
CIRCL seen: CVE-2020-1147 (circl-sighting)

…and 41 more exploits

Timeline

Jul 14, 2020 CVE Published
Jul 29, 2020 PoC Published
Aug 1, 2020 PoC Published
Aug 18, 2020 PoC Published
Apr 14, 2021 EPSS Score
Jul 23, 2021 PoC Published
Jul 24, 2021 EPSS Score
Nov 3, 2021 CISA KEV Added
Nov 8, 2021 PoC Published
Nov 18, 2021 PoC Published
Nov 20, 2021 PoC Published
Apr 1, 2022 EPSS Score

References

Open in Interactive Console →