Lucene search

MicrosoftCVE-2020-1032

HistoryJul 14, 2020 - 11:15 p.m.

CVE-2020-1032

2020-07-1423:15:11

CWE-20

microsoft

web.nvd.nist.gov

In Wild

cve-2020-1032

hyper-v

remotefx

vgpu

remote code execution

vulnerability

nvd

CVSS2

7.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.004

Percentile

72.4%

JSON

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ‘Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.

Affected configurations

Nvd

Vulners

Node

microsoftwindows_server_2008Matchr2x64

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

microsoftwindows_server_2016Match-

VendorProductVersionCPE
microsoftwindows_server_2008r2cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
microsoftwindows_server_2012-cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
microsoftwindows_server_2012r2cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
microsoftwindows_server_2016-cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_server_2008	r2	cpe:2.3:o:microsoft:windows_server_2008:r2::::::x64:
microsoft	windows_server_2012	-	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
microsoft	windows_server_2012	r2	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
microsoft	windows_server_2016	-	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*

CNA Affected

[
  {
    "product": "Windows Server",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2016"
      },
      {
        "status": "affected",
        "version": "2016  (Core installation)"
      },
      {
        "status": "affected",
        "version": "2008 R2 for x64-based Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
      },
      {
        "status": "affected",
        "version": "2012"
      },
      {
        "status": "affected",
        "version": "2012 (Core installation)"
      },
      {
        "status": "affected",
        "version": "2012 R2"
      },
      {
        "status": "affected",
        "version": "2012 R2 (Core installation)"
      }
    ]
  }
]