CVE-2020-1350
Microsoft Windows DNS Server Remote Code Execution Vulnerability
Severity Score
10.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
10
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
Se presenta una vulnerabilidad de ejecución de código remota en los servidores de Windows Domain Name System cuando presentan un fallo al manejar apropiadamente las peticiones, también se conoce como "Windows DNS Server Remote Code Execution Vulnerability"
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-11-04 CVE Reserved
- 2020-07-14 CVE Published
- 2020-07-15 First Exploit
- 2020-07-24 KEV Due Date
- 2021-11-03 Exploited in Wild
- 2024-08-04 CVE Updated
- 2024-09-08 EPSS Updated
CWE
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/maxpl0it/CVE-2020-1350-DoS | 2020-07-20 | |
| https://github.com/T13nn3s/CVE-2020-1350 | 2023-04-01 | |
| https://github.com/mr-r3b00t/CVE-2020-1350 | 2020-07-20 | |
| https://github.com/captainGeech42/CVE-2020-1350 | 2020-07-16 | |
| https://github.com/connormcgarr/CVE-2020-1350 | 2020-07-27 | |
| https://github.com/jmaddington/dRMM-CVE-2020-1350-response | 2020-07-15 | |
| https://github.com/simeononsecurity/CVE-2020-1350-Fix | 2020-07-26 | |
| https://github.com/Plazmaz/CVE-2020-1350-poc | 2020-07-20 | |
| https://github.com/graph-inc/CVE-2020-1350 | 2020-07-18 | |
| https://github.com/CVEmaster/CVE-2020-1350 | 2020-07-20 |
| URL | Date | SRC |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350 | 2022-07-12 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1, x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | r2 Search vendor "Microsoft" for product "Windows Server 2012" and version "r2" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | 1903 Search vendor "Microsoft" for product "Windows Server 2016" and version "1903" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | 1909 Search vendor "Microsoft" for product "Windows Server 2016" and version "1909" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | 2004 Search vendor "Microsoft" for product "Windows Server 2016" and version "2004" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2019 Search vendor "Microsoft" for product "Windows Server 2019" | - | - |
Affected
| ||||||