Lucene search
HistoryJun 09, 2020 - 8:15 p.m.
CVE-2020-1206
cve-2020-1206
microsoft
smbv3
information disclosure
vulnerability
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.4 High
AI Score
Confidence
High
0.79 High
EPSS
Percentile
98.3%
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka âWindows SMBv3 Client/Server Information Disclosure Vulnerabilityâ.
Affected configurations
Node
microsoftwindows_10_1909 for 32-bit systemsMatchunspecified
ORmicrosoftwindows_10_1909 for x64-based systemsMatchunspecified
ORmicrosoftwindows_10_1909 for arm64-based systemsMatchunspecified
ORmicrosoftwindows_server,_version_1909Matchunspecified
ORmicrosoftwindows_10_1903 for 32-bit systemsMatchunspecified
ORmicrosoftwindows_10_1903 for x64-based systemsMatchunspecified
ORmicrosoftwindows_10_1903 for arm64-based systemsMatchunspecified
ORmicrosoftwindows_server,_version_1903Matchunspecified
ORmicrosoftwindows_10_2004 for arm64-based systemsMatchunspecified
ORmicrosoftwindows_10_2004 for x64-based systemsMatchunspecified
ORmicrosoftwindows_10_2004 for 32-bit systemsMatchunspecified
ORmicrosoftwindows_server,_version_2004Matchunspecified
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_10_1909 for 32-bit systems | unspecified | cpe:2.3:o:microsoft:windows_10_1909 for 32-bit systems:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_10_1909 for x64-based systems | unspecified | cpe:2.3:o:microsoft:windows_10_1909 for x64-based systems:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_10_1909 for arm64-based systems | unspecified | cpe:2.3:o:microsoft:windows_10_1909 for arm64-based systems:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_server,_version_1909 | unspecified | cpe:2.3:o:microsoft:windows_server,_version_1909:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_10_1903 for 32-bit systems | unspecified | cpe:2.3:o:microsoft:windows_10_1903 for 32-bit systems:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_10_1903 for x64-based systems | unspecified | cpe:2.3:o:microsoft:windows_10_1903 for x64-based systems:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_10_1903 for arm64-based systems | unspecified | cpe:2.3:o:microsoft:windows_10_1903 for arm64-based systems:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_server,_version_1903 | unspecified | cpe:2.3:o:microsoft:windows_server,_version_1903:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_10_2004 for arm64-based systems | unspecified | cpe:2.3:o:microsoft:windows_10_2004 for arm64-based systems:unspecified:*:*:*:*:*:*:* |
| microsoft | windows_10_2004 for x64-based systems | unspecified | cpe:2.3:o:microsoft:windows_10_2004 for x64-based systems:unspecified:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 2004 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 2004 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 2004 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 2004 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
]References
Social References
More
Related
nvd
nvd
CVE-2020-1206
2020-06-09 20:15:13
githubexploit
githubexploit
Exploit for Use of Uninitialized Resource in Microsoft
2020-04-05 15:52:43
cvelist
cvelist
CVE-2020-1206
2020-06-09 19:43:23
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SMBv3 Client/Server Information Disclosure (CVE-2020-1206)
2020-06-09 00:00:00
malwarebytes
malwarebytes
Honda and Enel impacted by cyber attack suspected to be ransomware
2020-06-10 03:53:20
prion
prion
Information disclosure
2020-06-09 20:15:00
mscve
mscve
Windows SMBv3 Client/Server Information Disclosure Vulnerability
2020-06-09 07:00:00
thn
thn
SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol
2020-06-09 20:30:00
Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities
2020-06-09 18:14:00
attackerkb
attackerkb
threatpost
threatpost
Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update
2020-06-09 19:28:54
securelist
securelist
IT threat evolution Q2 2020. PC statistics
2020-09-03 10:30:23
kaspersky
kaspersky
KLA11807 Multiple vulnerabilities in Microsoft Windows
2020-06-09 00:00:00
nessus
nessus
KB4560960: Windows 10 Version 1903 and Windows 10 Version 1909 June 2020 Security Update
2020-06-09 00:00:00
KB4557957: Windows 10 Version 2004 June 2020 Security Update
2020-06-10 00:00:00
mskb
mskb
June 9, 2020âKB4557957 (OS Build 19041.329)
2020-06-09 07:00:00
June 9, 2020âKB4560960 (OS Builds 18362.900 and 18363.900) - EXPIRED
2020-06-17 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4557957)
2020-06-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4560960)
2020-06-10 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday June 2020: The Bleeding Ghost of SMB
2020-06-23 01:31:46
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.4 High
AI Score
Confidence
High
0.79 High
EPSS
Percentile
98.3%
Related for CVE-2020-1206