Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MICROSOFT_WINDOWS_HYPERV_REMOTEFX_VGPU_MULTIPLE_VULNERABILITIES.NASL
HistoryJun 28, 2022 - 12:00 a.m.

Microsoft Windows HyperV RemoteFX vGPU Multiple Vulnerabilities

2022-06-2800:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
64
JSON

The Microsoft HyperV RemoteFX vGPU enabled on the remote host is affected by multiple vulnerabilities, including the following:

  • An exploitable code execution vulnerability exists in the Shader functionality. An attacker can provide a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). (CVE-2020-6103, CVE-2020-6102)

  • An exploitable code execution vulnerability exists in the Shader functionality. An attacker can provide a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability could be also triggered from web browser (using webGL and webassembly). (CVE-2020-6101)

  • Remote code execution vulnerabilities exist when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ‘Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability’. (CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1043, CVE-2020-1043)

Note that Nessus has not tested for this issue but has instead relied only on the application’s presence on the machine.

##
# (C) Tenable Inc.
##

include('compat.inc');

if (description)
{
  script_id(162570);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/06");

  script_cve_id(
    "CVE-2020-1032",
    "CVE-2020-1036",
    "CVE-2020-1040",
    "CVE-2020-1041",
    "CVE-2020-1042",
    "CVE-2020-1043",
    "CVE-2020-6100",
    "CVE-2020-6101",
    "CVE-2020-6102",
    "CVE-2020-6103"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");
  script_xref(name:"IAVA", value:"2020-A-0306-S");

  script_name(english:"Microsoft Windows HyperV RemoteFX vGPU Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The Microsoft HyperV RemoteFX vGPU enabled on the remote host is affected by multiple vulnerabilities, including the following:

  - An exploitable code execution vulnerability exists in the Shader functionality. An attacker can provide a
    specially crafted shader file to trigger this vulnerability, resulting in code execution. This
    vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the
    vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability
    could be also triggered from web browser (using webGL and webassembly). (CVE-2020-6103, CVE-2020-6102)

  - An exploitable code execution vulnerability exists in the Shader functionality. An attacker can provide a
    specially crafted shader file to trigger this vulnerability, resulting in code execution. This
    vulnerability can be triggered from a HYPER-V guest using the RemoteFX feature, leading to executing the
    vulnerable code on the HYPER-V host (inside of the rdvgm.exe process). Theoretically this vulnerability
    could be also triggered from web browser (using webGL and webassembly). (CVE-2020-6101)

  - Remote code execution vulnerabilities exist when Hyper-V RemoteFX vGPU on a host server fails to properly
    validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote
    Code Execution Vulnerability'. (CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1043,
    CVE-2020-1043)

Note that Nessus has not tested for this issue but has instead relied only on the application's presence on the machine.");
  # https://blog.talosintelligence.com/2020/07/vuln-spotlight-intel-amd-microsoft-july-2020.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5faeb054");
  # https://support.microsoft.com/en-us/topic/kb4570006-update-to-disable-and-remove-the-remotefx-vgpu-component-in-windows-bbdf1531-7188-2bf4-0de6-641de79f09d2
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b5507394");
  script_set_attribute(attribute:"solution", value:
"See vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1043");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-6103");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/06/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:microsoft:hyperv_remotefx_vgpu");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("microsoft_windows_hyperv_remotefx_vgpu_detect.nbin");
  script_require_keys("installed_sw/Microsoft HyperV RemoteFX vGPU");

  exit(0);
}

include('vcf.inc');
include('smb_func.inc');

var app_info = vcf::get_app_info(app:'Microsoft HyperV RemoteFX vGPU', win_local:TRUE);

if (app_info['RemoteFX vGPU'] == 'Active')
{
  var report = 'Microsoft HyperV RemoteFX vGPU is active.';
  security_report_v4(severity:SECURITY_HOLE, extra:report, port:kb_smb_transport());
}
else
  audit(AUDIT_OS_CONF_NOT_VULN, 'Windows');
VendorProductVersionCPE
microsofthyperv_remotefx_vgpux-cpe:/a:microsoft:hyperv_remotefx_vgpu

Related

nvidia 1
prion 10
cve 10
attackerkb 2
lenovo 2
qualysblog 2
talos 10
mscve 6
cisa_kev 1
mskb 63
kaspersky 2
avleonov 1
ics 1
nvidia
nvidia
Security Notice: NVIDIA Response to Cisco Talos Report - July 2020
2020-07-16 00:00:00
prion
prion
Remote code execution
2020-07-14 23:15:00
Remote code execution
2020-07-14 23:15:00
Remote code execution
2020-07-14 23:15:00
cve
cve
CVE-2020-1040
2020-07-14 23:15:00
CVE-2020-1036
2020-07-14 23:15:00
CVE-2020-1043
2020-07-14 23:15:00
attackerkb
attackerkb
CVE-2020-1040
2020-07-14 00:00:00
CVE-2020-1043
2020-07-14 00:00:00
lenovo
lenovo
AMD Radeon DirectX 11 Driver Vulnerabilities - Lenovo Support US
2020-09-06 19:59:04
AMD Radeon DirectX 11 Driver Vulnerabilities - Lenovo Support NL
2020-09-06 19:59:04
qualysblog
qualysblog
July 2020 Patch Tuesday – 123 Vulnerabilities, 18 Critical, Hyper-V RemoteFX, DNS Server, Workstation, Adobe
2020-07-14 18:58:08
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
talos
talos
AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality ROUND_NI Code Execution Vulnerability
2020-07-14 00:00:00
AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality MOV REG Code Execution Vulnerability
2020-07-14 00:00:00
Intel IGC64.DLL Shader Functionality HeapReAlloc code execution vulnerability
2020-07-14 00:00:00
mscve
mscve
Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
2020-07-14 07:00:00
Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
2020-07-14 07:00:00
Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
2020-07-14 07:00:00
cisa_kev
cisa_kev
Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
2021-11-03 00:00:00
mskb
mskb
October 13, 2020—KB4580370 (OS Build 15063.2525)
2020-10-23 00:00:00
July 14, 2020—KB4565499 (OS Build 15063.2439)
2020-08-11 00:00:00
September 8, 2020—KB4577021 (OS Build 15063.2500)
2020-09-08 00:00:00
kaspersky
kaspersky
KLA11863 Multiple vulnerabilities in Microsoft Products (ESU)
2020-07-14 00:00:00
KLA11865 Multiple vulnerabilities in Microsoft Windows
2020-07-14 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint
2020-08-02 04:05:22
ics
ics
Potential for China Cyber Response to Heightened U.S.–China Tensions
2020-10-20 12:00:00
JSON
Related for MICROSOFT_WINDOWS_HYPERV_REMOTEFX_VGPU_MULTIPLE_VULNERABILITIES.NASL
nvidia1prion10cve10attackerkb2lenovo2qualysblog2talos10mscve6cisa_kev1mskb63kaspersky2avleonov1ics1