CVE-2020-0605high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605
Details
Source: MITRE
Published: 2020-01-14
Updated: 2020-01-21
Type: CWE-20
Risk Information
CVSS v2
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
CVSS v3
Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH
Vulnerable Software
Configuration 1
AND
OR
OR
Configuration 2
AND
OR
OR
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
Configuration 3
AND
OR
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
OR
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Configuration 4
AND
OR
OR
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
Configuration 5
AND
OR
OR
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
Configuration 6
AND
OR
OR
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Configuration 7
AND
OR
OR
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Configuration 8
AND
OR
OR
Configuration 9
AND
OR
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
OR
Configuration 10
AND
OR
cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
OR
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Configuration 11
AND
OR
OR
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Configuration 12
OR
cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 132999 | Security Updates for Microsoft .NET Framework (January 2020) | Nessus | Windows : Microsoft Bulletins | critical |
| 132994 | Security Update for .NET Core SDK (January 2020) | Nessus | Windows | high |
| 132993 | Security Update for .NET Core (January 2020) | Nessus | Windows | high |
| 132866 | KB4534314: Windows 7 and Windows Server 2008 R2 January 2020 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 132865 | KB4534306: Windows 10 January 2020 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 132864 | KB4534312: Windows Server 2008 January 2020 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 132862 | KB4534293: Windows 10 Version 1803 January 2020 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 132861 | KB4534288: Windows Server 2012 January 2020 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 132860 | KB4534276: Windows 10 Version 1709 January 2020 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 132859 | KB4534273: Windows 10 Version 1809 and Windows Server 2019 January 2020 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 132858 | KB4534271: Windows 10 Version 1607 and Windows Server 2016 January 2020 Security Update | Nessus | Windows : Microsoft Bulletins | critical |
| 132857 | KB4528760: Windows 10 Version 1903 and Windows 10 Version 1909 January 2020 Security Update | Nessus | Windows : Microsoft Bulletins | critical |