Detections
Analytics
CVE-2020-0601
high
Description
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
From the Tenable Blog
CVE-2020-0601: NSA Reported Spoofing Vulnerability in Windows CryptoAPI
Published: 2020-01-14
Microsoft kicks off the first Patch Tuesday of 2020 with the disclosure of CVE-2020-0601, a highly critical flaw in the cryptographic library for Windows. UPDATE 01/16/2020: This blog post has been updated to reflect the availability of proof-of-concept code for CVE-2020-0601, which is being referred to as CurveBall or Chain of Fools.
References
Details
Published: 2020-01-14
Updated: 2025-04-10
Named Vulnerability: CurveBallNamed Vulnerability: ChainOfFoolsNamed Vulnerability: Chain of FoolsNamed Vulnerability: CURVEBALLKnown Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 5.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
Severity: Medium
CVSS v3
Base Score: 8.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Severity: High
EPSS
EPSS: 0.93923