10

CVE-2020-0646

Warnung
Exploit
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft.Net Framework Version3.0 Updatesp2
   MicrosoftWindows Server 2008 Version- Updatesp2
Microsoft.Net Framework Version3.5
   MicrosoftWindows 10 1607 Version- HwPlatformx64
   MicrosoftWindows 10 1607 Version- HwPlatformx86
   MicrosoftWindows 8.1
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version3.5
   MicrosoftWindows 10 1607 Version- HwPlatformx64
   MicrosoftWindows 10 1607 Version- HwPlatformx86
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 10 1607 Version- HwPlatformx64
   MicrosoftWindows 10 1607 Version- HwPlatformx86
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.7
   MicrosoftWindows 10 1607 Version- HwPlatformx64
   MicrosoftWindows 10 1607 Version- HwPlatformx86
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 1607 Version- HwPlatformx64
   MicrosoftWindows 10 1607 Version- HwPlatformx86
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 1607 Version- HwPlatformx64
   MicrosoftWindows 10 1607 Version- HwPlatformx86
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version3.5
   MicrosoftWindows 10 1709 Version- HwPlatformx64
   MicrosoftWindows 10 1709 Version- HwPlatformx86
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 1709 Version- HwPlatformx64
   MicrosoftWindows 10 1709 Version- HwPlatformx86
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 1709 Version- HwPlatformx64
   MicrosoftWindows 10 1709 Version- HwPlatformx86
Microsoft.Net Framework Version3.5
   MicrosoftWindows 10 1507 Version- HwPlatformx64
   MicrosoftWindows 10 1507 Version- HwPlatformx86
   MicrosoftWindows 10 1803 Version- HwPlatformx64
   MicrosoftWindows 10 1803 Version- HwPlatformx86
   MicrosoftWindows 10 1809 Version- HwPlatformx64
   MicrosoftWindows 10 1809 Version- HwPlatformx86
   MicrosoftWindows Server 2016 Version1803
   MicrosoftWindows Server 2019
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 1507 Version- HwPlatformx64
   MicrosoftWindows 10 1507 Version- HwPlatformx86
   MicrosoftWindows 10 1803 Version- HwPlatformx64
   MicrosoftWindows 10 1803 Version- HwPlatformx86
   MicrosoftWindows 10 1809 Version- HwPlatformx64
   MicrosoftWindows 10 1809 Version- HwPlatformx86
   MicrosoftWindows Server 2016 Version1803
   MicrosoftWindows Server 2019
Microsoft.Net Framework Version3.5
   MicrosoftWindows 10 1809 Version-
   MicrosoftWindows 10 1903 Version-
   MicrosoftWindows 10 1909 Version-
   MicrosoftWindows Server 2016 Version1909
   MicrosoftWindows Server 2019
Microsoft.Net Framework Version4.8
   MicrosoftWindows 10 1809 Version-
   MicrosoftWindows 10 1903 Version-
   MicrosoftWindows 10 1909 Version-
   MicrosoftWindows Server 2016 Version1909
   MicrosoftWindows Server 2019
Microsoft.Net Framework Version3.5.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft.Net Framework Version4.5.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6
   MicrosoftWindows Server 2008 Version- Updatesp2
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 10 1607 Version- HwPlatformx86
Microsoft.Net Framework Version4.7
   MicrosoftWindows 10 1607 Version- HwPlatformx86
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 1607 Version- HwPlatformx86
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 10 1607 Version- HwPlatformx86
Microsoft.Net Framework Version4.6
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.8
   MicrosoftWindows 10 1607 Version-
   MicrosoftWindows 10 1709 Version-
   MicrosoftWindows 10 1803 Version-
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1
   MicrosoftWindows Rt 8.1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016 Version-

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft .NET Framework Remote Code Execution Vulnerability

Schwachstelle

Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 93.87% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-91 XML Injection (aka Blind XPath Injection)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.