KLA11693
ACE vulnerability in Microsoft Windows

Updated: 16/05/2023
Detection date
12/03/2020
Threat level
Critical
Description

A remote code execution vulnerability in the Windows SMBv3 client and server can be exploited remotely via a specially crafted packet to execute arbitrary code.

Exploitation

This vulnerability can be exploited by the following malware:

https://threats.kaspersky.com/en/threat/Intrusion.Win.CVE-2020-0796/

The following public exploits exist for this vulnerability:

https://github.com/k8gege/PyLadon

https://github.com/Aekras1a/CVE-2020-0796-PoC

https://github.com/technion/DisableSMBCompression

https://github.com/T13nn3s/CVE-2020-0796

https://github.com/ly4k/SMBGhost

https://github.com/joaozietolie/CVE-2020-0796-Checker

https://github.com/ButrintKomoni/cve-2020-0796

https://github.com/dickens88/cve-2020-0796-scanner

https://github.com/kn6869610/CVE-2020-0796

https://github.com/awareseven/eternalghosttest

https://github.com/weidutech/CVE-2020-0796-PoC

https://github.com/xax007/CVE-2020-0796-Scanner

https://github.com/Dhoomralochana/Scanners-for-CVE-2020-0796-Testing

https://github.com/UraSecTeam/smbee

https://github.com/netscylla/SMBGhost

https://github.com/eerykitty/CVE-2020-0796-PoC

https://github.com/wneessen/SMBCompScan

https://github.com/ioncodes/SMBGhost

https://github.com/laolisafe/CVE-2020-0796

https://github.com/gabimarti/SMBScanner

https://github.com/Almorabea/SMBGhost-WorkaroundApplier

https://github.com/IAreKyleW00t/SMBGhosts

https://github.com/vysecurity/CVE-2020-0796

https://github.com/marcinguy/CVE-2020-0796

https://github.com/BinaryShadow94/SMBv3.1.1-scan—CVE-2020-0796

https://github.com/w1ld3r/SMBGhost_Scanner

https://github.com/wsfengfan/CVE-2020-0796

https://github.com/GuoKerS/aioScan_CVE-2020-0796

https://github.com/jiansiting/CVE-2020-0796-Scanner

https://github.com/maxpl0it/Unauthenticated-CVE-2020-0796-PoC

https://github.com/ran-sama/CVE-2020-0796

https://github.com/sujitawake/smbghost

https://github.com/julixsalas/CVE-2020-0796

https://github.com/5l1v3r1/SMBGhost_Crash_Poc

https://github.com/5l1v3r1/CVE-2020-0796-PoC-and-Scan

https://github.com/cory-zajicek/CVE-2020-0796-DoS

https://github.com/tripledd/cve-2020-0796-vuln

https://github.com/danigargu/CVE-2020-0796

https://github.com/ZecOps/CVE-2020-0796-LPE-POC

https://github.com/TinToSer/CVE-2020-0796-LPE

https://github.com/f1tz/CVE-2020-0796-LPE-EXP

https://github.com/tango-j/CVE-2020-0796

https://github.com/jiansiting/CVE-2020-0796

https://github.com/eastmountyxz/CVE-2020-0796-SMB

https://github.com/LabDookhtegan/CVE-2020-0796-EXP

https://github.com/Rvn0xsy/CVE_2020_0796_CNA

https://github.com/0xeb-bp/cve-2020-0796

https://github.com/intelliroot-tech/cve-2020-0796-Scanner

https://github.com/ZecOps/CVE-2020-0796-RCE-POC

https://github.com/thelostworldFree/CVE-2020-0796

https://github.com/section-c/CVE-2020-0796

https://github.com/bacth0san96/SMBGhostScanner

https://github.com/DreamoneOnly/CVE-2020-0796-LPE

https://github.com/halsten/CVE-2020-0796

https://github.com/ysyyrps123/CVE-2020-0796

https://github.com/ysyyrps123/CVE-2020-0796-exp

https://github.com/exp-sky/CVE-2020-0796

https://github.com/Barriuso/SMBGhost_AutomateExploitation

https://github.com/1060275195/SMBGhost

https://github.com/Almorabea/SMBGhost-LPE-Metasploit-Module

https://github.com/ZecOps/SMBGhost-SMBleed-scanner

https://github.com/5l1v3r1/smbghost-5

https://github.com/rsmudge/CVE-2020-0796-BOF

https://github.com/codewithpradhan/SMBGhost-CVE-2020-0796-

https://github.com/GryllsAaron/CVE-2020-0796-POC

https://github.com/datntsec/CVE-2020-0796

https://github.com/krizzz07/CVE-2020-0796

https://github.com/jamf/SMBGhost-SMBleed-scanner

https://github.com/jamf/CVE-2020-0796-RCE-POC

https://github.com/jamf/CVE-2020-0796-LPE-POC

https://github.com/OldDream666/cve-2020-0796

https://github.com/heeloo123/CVE-2020-0796

https://github.com/5l1v3r1/SMBGhosts

Affected products

Windows 10 Version 1909 for 32-bit Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1903 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisory
CVE-2020-0796
Impact
ACE
Related products
Microsoft Windows
Microsoft Windows Server
Microsoft Windows 10
CVE-IDS
CVE-2020-0796 7.5 Critical
KB list

4551762