Kaspersky Threats

Detect date

?

03/12/2020

Severity

?

Critical

Description

A remote code execution vulnerability in Windows SMBv3 Client/Server can be exploited remotely via specially crafted packet to execute arbitrary code.

Exploitation

This vulnerability can be exploited by the following malware:

https://threats.kaspersky.com/en/threat/Intrusion.Win.CVE-2020-0796/

The following public exploits exists for this vulnerability:

https://github.com/k8gege/PyLadon

https://github.com/Aekras1a/CVE-2020-0796-PoC

https://github.com/technion/DisableSMBCompression

https://github.com/T13nn3s/CVE-2020-0796

https://github.com/ly4k/SMBGhost

https://github.com/joaozietolie/CVE-2020-0796-Checker

https://github.com/ButrintKomoni/cve-2020-0796

https://github.com/dickens88/cve-2020-0796-scanner

https://github.com/kn6869610/CVE-2020-0796

https://github.com/awareseven/eternalghosttest

https://github.com/weidutech/CVE-2020-0796-PoC

https://github.com/xax007/CVE-2020-0796-Scanner

https://github.com/Dhoomralochana/Scanners-for-CVE-2020-0796-Testing

https://github.com/UraSecTeam/smbee

https://github.com/netscylla/SMBGhost

https://github.com/eerykitty/CVE-2020-0796-PoC

https://github.com/wneessen/SMBCompScan

https://github.com/ioncodes/SMBGhost

https://github.com/laolisafe/CVE-2020-0796

https://github.com/gabimarti/SMBScanner

https://github.com/Almorabea/SMBGhost-WorkaroundApplier

https://github.com/IAreKyleW00t/SMBGhosts

https://github.com/vysecurity/CVE-2020-0796

https://github.com/marcinguy/CVE-2020-0796

https://github.com/BinaryShadow94/SMBv3.1.1-scan—CVE-2020-0796

https://github.com/w1ld3r/SMBGhost_Scanner

https://github.com/wsfengfan/CVE-2020-0796

https://github.com/GuoKerS/aioScan_CVE-2020-0796

https://github.com/jiansiting/CVE-2020-0796-Scanner

https://github.com/maxpl0it/Unauthenticated-CVE-2020-0796-PoC

https://github.com/ran-sama/CVE-2020-0796

https://github.com/sujitawake/smbghost

https://github.com/julixsalas/CVE-2020-0796

https://github.com/5l1v3r1/SMBGhost_Crash_Poc

https://github.com/5l1v3r1/CVE-2020-0796-PoC-and-Scan

https://github.com/cory-zajicek/CVE-2020-0796-DoS

https://github.com/tripledd/cve-2020-0796-vuln

https://github.com/danigargu/CVE-2020-0796

https://github.com/ZecOps/CVE-2020-0796-LPE-POC

https://github.com/TinToSer/CVE-2020-0796-LPE

https://github.com/f1tz/CVE-2020-0796-LPE-EXP

https://github.com/tango-j/CVE-2020-0796

https://github.com/jiansiting/CVE-2020-0796

https://github.com/eastmountyxz/CVE-2020-0796-SMB

https://github.com/LabDookhtegan/CVE-2020-0796-EXP

https://github.com/Rvn0xsy/CVE_2020_0796_CNA

https://github.com/0xeb-bp/cve-2020-0796

https://github.com/intelliroot-tech/cve-2020-0796-Scanner

https://github.com/ZecOps/CVE-2020-0796-RCE-POC

https://github.com/thelostworldFree/CVE-2020-0796

https://github.com/section-c/CVE-2020-0796

https://github.com/bacth0san96/SMBGhostScanner

https://github.com/DreamoneOnly/CVE-2020-0796-LPE

https://github.com/halsten/CVE-2020-0796

https://github.com/ysyyrps123/CVE-2020-0796

https://github.com/ysyyrps123/CVE-2020-0796-exp

https://github.com/exp-sky/CVE-2020-0796

https://github.com/Barriuso/SMBGhost_AutomateExploitation

https://github.com/1060275195/SMBGhost

https://github.com/Almorabea/SMBGhost-LPE-Metasploit-Module

Affected products

Windows 10 Version 1909 for 32-bit Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1903 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-0796

Impacts

?

ACE

[?]

Detect date ?	03/12/2020
Severity ?	Critical
Description	A remote code execution vulnerability in Windows SMBv3 Client/Server can be exploited remotely via specially crafted packet to execute arbitrary code.
Exploitation	This vulnerability can be exploited by the following malware: https://threats.kaspersky.com/en/threat/Intrusion.Win.CVE-2020-0796/ The following public exploits exists for this vulnerability: https://github.com/k8gege/PyLadon https://github.com/Aekras1a/CVE-2020-0796-PoC https://github.com/technion/DisableSMBCompression https://github.com/T13nn3s/CVE-2020-0796 https://github.com/ly4k/SMBGhost https://github.com/joaozietolie/CVE-2020-0796-Checker https://github.com/ButrintKomoni/cve-2020-0796 https://github.com/dickens88/cve-2020-0796-scanner https://github.com/kn6869610/CVE-2020-0796 https://github.com/awareseven/eternalghosttest https://github.com/weidutech/CVE-2020-0796-PoC https://github.com/xax007/CVE-2020-0796-Scanner https://github.com/Dhoomralochana/Scanners-for-CVE-2020-0796-Testing https://github.com/UraSecTeam/smbee https://github.com/netscylla/SMBGhost https://github.com/eerykitty/CVE-2020-0796-PoC https://github.com/wneessen/SMBCompScan https://github.com/ioncodes/SMBGhost https://github.com/laolisafe/CVE-2020-0796 https://github.com/gabimarti/SMBScanner https://github.com/Almorabea/SMBGhost-WorkaroundApplier https://github.com/IAreKyleW00t/SMBGhosts https://github.com/vysecurity/CVE-2020-0796 https://github.com/marcinguy/CVE-2020-0796 https://github.com/BinaryShadow94/SMBv3.1.1-scan—CVE-2020-0796 https://github.com/w1ld3r/SMBGhost_Scanner https://github.com/wsfengfan/CVE-2020-0796 https://github.com/GuoKerS/aioScan_CVE-2020-0796 https://github.com/jiansiting/CVE-2020-0796-Scanner https://github.com/maxpl0it/Unauthenticated-CVE-2020-0796-PoC https://github.com/ran-sama/CVE-2020-0796 https://github.com/sujitawake/smbghost https://github.com/julixsalas/CVE-2020-0796 https://github.com/5l1v3r1/SMBGhost_Crash_Poc https://github.com/5l1v3r1/CVE-2020-0796-PoC-and-Scan https://github.com/cory-zajicek/CVE-2020-0796-DoS https://github.com/tripledd/cve-2020-0796-vuln https://github.com/danigargu/CVE-2020-0796 https://github.com/ZecOps/CVE-2020-0796-LPE-POC https://github.com/TinToSer/CVE-2020-0796-LPE https://github.com/f1tz/CVE-2020-0796-LPE-EXP https://github.com/tango-j/CVE-2020-0796 https://github.com/jiansiting/CVE-2020-0796 https://github.com/eastmountyxz/CVE-2020-0796-SMB https://github.com/LabDookhtegan/CVE-2020-0796-EXP https://github.com/Rvn0xsy/CVE_2020_0796_CNA https://github.com/0xeb-bp/cve-2020-0796 https://github.com/intelliroot-tech/cve-2020-0796-Scanner https://github.com/ZecOps/CVE-2020-0796-RCE-POC https://github.com/thelostworldFree/CVE-2020-0796 https://github.com/section-c/CVE-2020-0796 https://github.com/bacth0san96/SMBGhostScanner https://github.com/DreamoneOnly/CVE-2020-0796-LPE https://github.com/halsten/CVE-2020-0796 https://github.com/ysyyrps123/CVE-2020-0796 https://github.com/ysyyrps123/CVE-2020-0796-exp https://github.com/exp-sky/CVE-2020-0796 https://github.com/Barriuso/SMBGhost_AutomateExploitation https://github.com/1060275195/SMBGhost https://github.com/Almorabea/SMBGhost-LPE-Metasploit-Module
Affected products	Windows 10 Version 1909 for 32-bit Systems Windows Server, version 1903 (Server Core installation) Windows 10 Version 1903 for 32-bit Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2020-0796
Impacts ?	ACE [?]
Related products	Microsoft Windows Microsoft Windows Server Microsoft Windows 10
CVE-IDS ?	CVE-2020-07967.5Critical
KB list	4551762
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA11693ACE vulnerability in Microsoft Windows

KLA11693
ACE vulnerability in Microsoft Windows