CVE-2020-1472

CRITICAL
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html

https://www.kb.cert.org/vuls/id/490028

http://www.openwall.com/lists/oss-security/2020/09/17/2

https://usn.ubuntu.com/4510-1/

https://www.synology.com/security/advisory/Synology_SA_20_21

https://usn.ubuntu.com/4510-2/

https://lists.fedoraproject.org/archives/list/[email protected]/message/H4OTFBL6YDVFH2TBJFJIE4FMHPJEEJK3/

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00080.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00086.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/TAPQQZZAT4TG3XVRTAFV2Y3S7OAHFBUP/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ST6X3A2XXYMGD4INR26DQ4FP4QSM753B/

https://usn.ubuntu.com/4559-1/

http://packetstormsecurity.com/files/160127/Zerologon-Netlogon-Privilege-Escalation.html

https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html

https://security.gentoo.org/glsa/202012-24

https://www.oracle.com/security-alerts/cpuApr2021.html

Details

Source: MITRE

Published: 2020-08-17

Updated: 2021-07-21

Type: CWE-269

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 10

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (43 total)

IDNameProductFamilySeverity
151396EulerOS Virtualization 3.0.2.2 : samba (EulerOS-SA-2021-2168)NessusHuawei Local Security Checks
critical
149965Oracle Linux 8 : samba (ELSA-2021-1647)NessusOracle Linux Local Security Checks
critical
149752CentOS 8 : samba (CESA-2021:1647)NessusCentOS Local Security Checks
critical
149679RHEL 8 : samba (RHSA-2021:1647)NessusRed Hat Local Security Checks
critical
147666EulerOS Virtualization 2.9.0 : samba (EulerOS-SA-2021-1635)NessusHuawei Local Security Checks
critical
147497EulerOS Virtualization 2.9.1 : samba (EulerOS-SA-2021-1625)NessusHuawei Local Security Checks
critical
147360NewStart CGSL CORE 5.04 / MAIN 5.04 : samba Multiple Vulnerabilities (NS-SA-2021-0024)NessusNewStart CGSL Local Security Checks
critical
147061EulerOS Virtualization 3.0.6.6 : samba (EulerOS-SA-2021-1517)NessusHuawei Local Security Checks
critical
147047EulerOS Virtualization for ARM 64 3.0.6.0 : samba (EulerOS-SA-2021-1533)NessusHuawei Local Security Checks
critical
145189EulerOS 2.0 SP3 : samba (EulerOS-SA-2021-1118)NessusHuawei Local Security Checks
critical
144992Amazon Linux AMI : samba (ALAS-2021-1469)NessusAmazon Linux Local Security Checks
critical
144973CentOS 7 : samba (CESA-2020:5439)NessusCentOS Local Security Checks
critical
144800Amazon Linux 2 : ctdb (ALAS-2021-1585)NessusAmazon Linux Local Security Checks
critical
144739EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2021-1050)NessusHuawei Local Security Checks
critical
144607GLSA-202012-24 : Samba: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
144423RHEL 7 : samba (RHSA-2020:5439)NessusRed Hat Local Security Checks
critical
144332Oracle Linux 7 : samba (ELSA-2020-5439)NessusOracle Linux Local Security Checks
critical
144296Scientific Linux Security Update : samba on SL7.x i686/x86_64 (2020:5439)NessusScientific Linux Local Security Checks
critical
143864SUSE SLES12 Security Update : samba (SUSE-SU-2020:2721-1)NessusSuSE Local Security Checks
critical
143807SUSE SLES12 Security Update : samba (SUSE-SU-2020:2724-1)NessusSuSE Local Security Checks
critical
143732SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:2722-1)NessusSuSE Local Security Checks
critical
143724SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:2730-1)NessusSuSE Local Security Checks
critical
143655SUSE SLES12 Security Update : samba (SUSE-SU-2020:2720-1)NessusSuSE Local Security Checks
critical
143641SUSE SLES15 Security Update : samba (SUSE-SU-2020:2719-1)NessusSuSE Local Security Checks
critical
143186Debian DLA-2463-1 : samba security updateNessusDebian Local Security Checks
critical
142333EulerOS 2.0 SP2 : samba (EulerOS-SA-2020-2396)NessusHuawei Local Security Checks
critical
142110EulerOS 2.0 SP5 : samba (EulerOS-SA-2020-2299)NessusHuawei Local Security Checks
critical
141331EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2181)NessusHuawei Local Security Checks
critical
141328EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2171)NessusHuawei Local Security Checks
critical
141273Fedora 33 : 2:samba (2020-77c15664b0)NessusFedora Local Security Checks
critical
141144Fedora 31 : 2:samba (2020-a1d139381a)NessusFedora Local Security Checks
critical
141112Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Samba update (USN-4559-1)NessusUbuntu Local Security Checks
critical
141072openSUSE Security Update : samba (openSUSE-2020-1526)NessusSuSE Local Security Checks
critical
140797openSUSE Security Update : samba (openSUSE-2020-1513)NessusSuSE Local Security Checks
critical
140760Fedora 32 : 2:samba (2020-0be2776ed3)NessusFedora Local Security Checks
critical
140677FreeBSD : samba -- Unauthenticated domain takeover via netlogon (24ace516-fad7-11ea-8d8c-005056a311d1)NessusFreeBSD Local Security Checks
critical
140657Microsoft Netlogon Elevation of Privilege (Zerologon) (Remote)NessusWindows
critical
140640Ubuntu 16.04 LTS / 18.04 LTS : Samba vulnerability (USN-4510-1)NessusUbuntu Local Security Checks
critical
139493KB4571702: Windows Server 2012 August 2020 Security UpdateNessusWindows : Microsoft Bulletins
high
139491KB4571719: Windows 7 and Windows Server 2008 R2 August 2020 Security UpdateNessusWindows : Microsoft Bulletins
high
139489KB4571723: Windows 8.1 and Windows Server 2012 R2 August 2020 Security UpdateNessusWindows : Microsoft Bulletins
high
139488KB4571694: Windows 10 Version 1607 and Windows Server 2016 August 2020 Security UpdateNessusWindows : Microsoft Bulletins
high
139484KB4565349: Windows 10 Version 1809 and Windows Server 2019 August 2020 Security UpdateNessusWindows : Microsoft Bulletins
high