Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMicrosoftCVELIST:CVE-2020-17049
HistoryNov 11, 2020 - 12:00 a.m.

CVE-2020-17049 Kerberos KDC Security Feature Bypass Vulnerability

2020-11-1100:00:00
microsoft
www.cve.org
1

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

7.2 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.6%

JSON

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2019",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.17763.2061",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2019 (Server Core installation)",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.17763.2061",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server, version 1909 (Server Core installation)",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server, version 1903 (Server Core installation)",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server version 2004",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1110:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.19041.1110",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2016",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.14393.4530",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2016 (Server Core installation)",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.14393.4530",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2008 Service Pack 2",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "32-bit Systems"
    ],
    "versions": [
      {
        "version": "6.0.0",
        "lessThan": "6.0.6003.21167",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x64:*",
      "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x86:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "6.0.0",
        "lessThan": "6.0.6003.21167",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2008  Service Pack 2",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21167:*:*:*:*:*:x86:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "6.0.0",
        "lessThan": "6.0.6003.21167",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2008 R2 Service Pack 1",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25661:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "6.1.0",
        "lessThan": "6.1.7601.25661",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25661:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "6.0.0",
        "lessThan": "6.1.7601.25661",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2012",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23409:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "6.2.0",
        "lessThan": "6.2.9200.23409",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2012 (Server Core installation)",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23409:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "6.2.0",
        "lessThan": "6.2.9200.23409",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2012 R2",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "6.3.0",
        "lessThan": "6.3.9600.20069",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2012 R2 (Server Core installation)",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20069:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "6.3.0",
        "lessThan": "6.3.9600.20069",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server version 20H2",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19041.1110:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.19041.1110",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Related

mskb 41
osv 4
prion 1
redhat 11
cbl_mariner 1
attackerkb 1
nessus 21
almalinux 2
nvd 1
openvas 16
cve 1
mscve 1
msrc 1
redhatcve 1
altlinux 1
oraclelinux 2
rocky 1
amazon 1
suse 1
kaspersky 2
gentoo 1
avleonov 1
mskb
mskb
July 13, 2021 Public preview security update (KB5004243)
2021-06-02 00:00:00
June 8, 2021 Public preview security update (KB5003645)
2021-05-05 00:00:00
March 9, 2021—KB5000856 (Security-only update)
2021-03-09 08:00:00
osv
osv
Moderate: krb5 security, bug fix, and enhancement update
2023-05-09 00:00:00
CVE-2020-17049
2020-11-11 07:15:16
Moderate: idm:DL1 security update
2024-01-10 00:00:00
prion
prion
Security feature bypass
2020-11-11 07:15:00
redhat
redhat
(RHSA-2023:2570) Moderate: krb5 security, bug fix, and enhancement update
2023-05-09 05:14:28
(RHSA-2024:0143) Moderate: idm:DL1 security update
2024-01-10 12:30:55
(RHSA-2024:0139) Moderate: idm:DL1 security update
2024-01-10 12:29:21
cbl_mariner
cbl_mariner
CVE-2020-17049 affecting package samba 4.12.5-6
2024-06-29 09:08:33
attackerkb
attackerkb
CVE-2020-17049
2020-11-11 00:00:00
nessus
nessus
RHEL 9 : krb5 (RHSA-2023:2570)
2023-05-11 00:00:00
AlmaLinux 9 : krb5 (ALSA-2023:2570)
2023-05-14 00:00:00
Oracle Linux 9 : krb5 (ELSA-2023-2570)
2023-05-15 00:00:00
almalinux
almalinux
Moderate: krb5 security, bug fix, and enhancement update
2023-05-09 00:00:00
Moderate: idm:DL1 security update
2024-01-10 00:00:00
nvd
nvd
CVE-2020-17049
2020-11-11 07:15:16
openvas
openvas
Samba Security Feature Bypass Vulnerability (CVE-2020-17049)
2021-10-28 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4592468)
2020-12-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4592484)
2020-12-09 00:00:00
cve
cve
CVE-2020-17049
2020-11-11 07:15:16
mscve
mscve
Kerberos KDC Security Feature Bypass Vulnerability
2020-11-10 08:00:00
msrc
msrc
Kerberos KDC の脆弱性 (CVE-2020-17049) に対応するためのガイダンス
2020-11-19 08:00:00
redhatcve
redhatcve
CVE-2020-17049
2021-11-22 20:20:39
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.14.9-alt1
2021-11-01 00:00:00
oraclelinux
oraclelinux
krb5 security, bug fix, and enhancement update
2023-05-15 00:00:00
idm:DL1 security update
2024-01-12 00:00:00
rocky
rocky
idm:DL1 security update
2024-01-12 19:57:42
amazon
amazon
Important: samba
2022-12-01 17:33:00
suse
suse
Security update for samba and ldb (important)
2021-11-10 00:00:00
kaspersky
kaspersky
KLA12003 Multiple vulnerabilities in Microsoft Products (ESU)
2020-11-10 00:00:00
KLA12004 Multiple vulnerabilities in Microsoft Windows
2020-11-10 00:00:00
gentoo
gentoo
Samba: Multiple Vulnerabilities
2023-09-17 00:00:00
avleonov
avleonov
Vulristics Vulnerability Score, Automated Data Collection and Microsoft Patch Tuesdays Q4 2020
2021-01-11 01:50:44

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

7.2 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.6%

JSON
Related for CVELIST:CVE-2020-17049
mskb41osv4prion1redhat11cbl_mariner1attackerkb1nessus21almalinux2nvd1openvas16cve1mscve1msrc1redhatcve1altlinux1oraclelinux2rocky1amazon1suse1kaspersky2gentoo1avleonov1