10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Information Disclosure Vulnerability’.
Recent assessments:
busterb at June 09, 2020 11:49pm UTC reported:
Edit: After writing this @adfoster-r7 pointed out that Zecops has a writeup on exactly how to chain this with SMBGhost. How apropos! <https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/>
Note that if you were already patched against CVE-2020-0796, the current PoCs aren’t going to be impactful to you, so the urgency is lower than if you’re a couple of months out of date. If you’re patching already, no need to panic.
Whenever we see SMB memory corruption leaks, the cry is always ‘oh, if only we had an information leak, we could make this so much more reliable’. Well, assuming someone figures out the details, this could be the information leak folks are looking for to make SMBGhost and other vulnerabilities more reliable to exploit. Not a big deal by itself, but I imagine folks are already trying to figure out how to use this to an advantage. It might not take long given the existence of public SMBGhost PoCs already.
Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 3
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%