Lucene search
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_MICROSOFT_WINDOWS_ADV200005_REMOTE.NASLHistoryMar 11, 2020 - 12:00 a.m.
Microsoft Windows SMBv3 Compression RCE (ADV200005)(CVE-2020-0796)(Remote)
2020-03-1100:00:00
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
98
A remote code execution vulnerability exists in Microsoft Server Message Block 3.1.1 (SMBv3) protocol due to how it handles a maliciously crafted compressed data packet. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.
Note, the plugin checks if SMB 3.1.1 with compression is enabled. It does not currently verify the vulnerability itself.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(134421);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/23");
script_cve_id("CVE-2020-0796");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/08/10");
script_xref(name:"CEA-ID", value:"CEA-2020-0028");
script_name(english:"Microsoft Windows SMBv3 Compression RCE (ADV200005)(CVE-2020-0796)(Remote)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is using a vulnerable version of SMB.");
script_set_attribute(attribute:"description", value:
"A remote code execution vulnerability exists in Microsoft Server Message Block
3.1.1 (SMBv3) protocol due to how it handles a maliciously crafted compressed
data packet. An unauthenticated, remote attacker can exploit this to bypass
authentication and execute arbitrary commands.
Note, the plugin checks if SMB 3.1.1 with compression is enabled. It does not
currently verify the vulnerability itself.");
# https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?736703d3");
script_set_attribute(attribute:"solution", value:
"Microsoft has provided additional details and guidance in the ADV200005 advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-0796");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'SMBv3 Compression Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/12");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_dialects_enabled.nasl");
script_require_keys("SMB/smb_dialect/3.1.1", "Settings/ParanoidReport");
script_require_ports(139, 445);
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('smb_func.inc');
include('misc_func.inc');
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = kb_smb_transport();
if (get_kb_item('SMB/smb_dialect/3.1.1/compression'))
{
report = 'Nessus was able to detect SMB 3.1.1 with compression enabled using a specially crafted packet.\n';
security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
}
else
{
audit(AUDIT_HOST_NOT, 'affected');
}
Related
githubexploit
githubexploit
kitploit
kitploit
myhack58
myhack58
thn
thn
Warning β Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed
2020-03-11 12:16:00
SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol
2020-06-09 20:30:00
exploitpack
exploitpack
nessus
nessus
Microsoft Windows SMBv3 Compression RCE (ADV200005)(CVE-2020-0796)(Remote)
2020-04-02 00:00:00
talosblog
talosblog
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SMBv3 Remote Code Execution (CVE-2020-0796)
2020-03-11 00:00:00
akamaiblog
akamaiblog
zdt
zdt
threatpost
threatpost
Microsoftβs SMBGhost Flaw Still Haunts 108K Windows Systems
2020-10-28 20:36:09
Popular ThemeREX WordPress Plugin Opens Websites to RCE
2020-03-10 20:30:36
βWannaCry Heroβ Avoids Jail Time in Kronos Malware Charges
2019-07-29 13:23:34
cisa
cisa
Microsoft Server Message Block RCE Vulnerability
2020-03-11 00:00:00
Microsoft Releases Out-of-Band Security Updates for SMB RCE Vulnerability
2020-03-12 00:00:00
Unpatched Microsoft Systems Vulnerable to CVE-2020-0796
2020-06-05 00:00:00
rapid7blog
rapid7blog
NICER Protocol Deep Dive: Internet Exposure of SMB
2020-09-18 15:11:21
Metasploit Wrap-Up
2021-05-28 15:42:16
qualysblog
qualysblog
kaspersky
kaspersky
KLA11693 ACE vulnerability in Microsoft Windows
2020-03-12 00:00:00
canvas
canvas
Immunity Canvas: SMBGHOST_LPE
2020-03-12 16:15:00
Immunity Canvas: SMBGHOST
2020-03-12 16:15:00
trellix
trellix
SMBGhost β Analysis of CVE-2020-0796
2020-03-12 00:00:00
SMBGhost β Analysis of CVE-2020-0796
2020-03-12 00:00:00
Securing Space 4.0 β One Small Step or a Giant Leap? - Part 1
2020-09-30 00:00:00
prion
prion
Remote code execution
2020-03-12 16:15:00
mscve
mscve
Windows SMBv3 Client/Server Remote Code Execution Vulnerability
2020-03-12 07:00:00
Microsoft Guidance for Disabling SMBv3 Compression
2020-03-10 07:00:00
cve
cve
CVE-2020-0796
2020-03-12 16:15:00
carbonblack
carbonblack
Threat Analysis: CVE-2020-0796 β EternalDarkness (ghostSMB)
2020-03-17 14:14:25
mskb
mskb
March 12, 2020βKB4551762 (OS Builds 18362.720 and 18363.720) - EXPIRED
2020-03-12 07:00:00
attackerkb
attackerkb
CVE-2020-0796 - SMBGhost
2020-03-12 00:00:00
CVE-2021-31166
2021-05-11 00:00:00
metasploit
metasploit
SMBv3 Compression Buffer Overflow
2021-04-09 18:15:05
SMBv3 Compression Buffer Overflow
2020-04-02 21:22:00
packetstorm
packetstorm
Microsoft Windows SMB 3.1.1 Remote Code Execution
2020-03-15 00:00:00
SMBv3 Compression Buffer Overflow
2020-04-06 00:00:00
openvas
openvas
Microsoft Windows Server Message Block 3.1.1 RCE Vulnerability (KB4551762)
2020-03-12 00:00:00
cisa_kev
cisa_kev
Microsoft SMBv3 Remote Code Execution Vulnerability
2022-02-10 00:00:00
cert
cert
Microsoft SMBv3 compression remote code execution vulnerability
2020-03-11 00:00:00
exploitdb
exploitdb
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation
2020-03-30 00:00:00
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)
2020-03-14 00:00:00
Microsoft Windows - 'SMBGhost' Remote Code Execution
2020-06-02 00:00:00
mmpc
mmpc
mssecure
mssecure
Zerologon is now detected by Microsoft Defender for Identity
2020-11-30 17:00:20
Mitigating vulnerabilities in endpoint network stacks
2020-05-04 16:00:25
When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks
2021-07-29 19:00:59
hivepro
hivepro
Vulnerabilities & Threats that Matter 08 β 14th Aug
2022-08-16 05:00:49
krebs
krebs
Microsoft Patch Tuesday, June 2020 Edition
2020-06-10 02:43:20
Microsoft Patch Tuesday, April 2020 Edition
2020-04-14 22:24:10
securelist
securelist
IT threat evolution Q2 2020. PC statistics
2020-09-03 10:30:23
IT threat evolution Q1 2020. Statistics
2020-05-20 10:00:43
Related for SMB_MICROSOFT_WINDOWS_ADV200005_REMOTE.NASL