CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

CVSS v3.0 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147	Patch Vendor Advisory
http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
https://www.exploitalert.com/view-details.html?id=35992	Exploit Third Party Advisory
http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:.net_core:2.1:::::::*
	cpe:2.3:a:microsoft:.net_core:3.1:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:microsoft:.net_framework:2.0:sp2::::::
	cpe:2.3:a:microsoft:.net_framework:3.0:sp2::::::

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:3.5:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

OR	cpe:2.3:o:microsoft:windows_10:1607:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*

Configuration 5 (hide)

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:3.5:::::::*

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:3.5:::::::*

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

OR	cpe:2.3:o:microsoft:windows_10:1803:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:1803:::::::*
	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*
	cpe:2.3:o:microsoft:windows_10:1809:::::::*

Configuration 9 (hide)

AND

OR	cpe:2.3:a:microsoft:.net_framework:3.5:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.8:::::::*

OR	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*
	cpe:2.3:o:microsoft:windows_10:1809:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:1903:::::::*
	cpe:2.3:o:microsoft:windows_10:1903:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:1909:::::::*
	cpe:2.3:o:microsoft:windows_10:1909:::::::*
	cpe:2.3:o:microsoft:windows_10:2004:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:2004:::::::*

Configuration 10 (hide)

AND

cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_7:-:sp1::::::

Configuration 11 (hide)

AND

cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_7:-:sp1::::::
	cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*

Configuration 12 (hide)

AND

cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

Configuration 13 (hide)

AND

OR	cpe:2.3:a:microsoft:.net_framework:4.6.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.6.2:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:4.7.2:::::::*

OR	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::
	cpe:2.3:o:microsoft:windows_7:-:sp1::::::
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*

Configuration 14 (hide)

AND

cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_10:1607:::::::*
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1::::::
	cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_10:1709:::::::*
	cpe:2.3:o:microsoft:windows_10:1803:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:1803:::::::*

Configuration 15 (hide)

OR	cpe:2.3:a:microsoft:sharepoint_server:2010:sp2::::::
	cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:::::::*
	cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1::::::
	cpe:2.3:a:microsoft:sharepoint_server:2019:::::::*
	cpe:2.3:a:microsoft:visual_studio_2019::::::::
	cpe:2.3:a:microsoft:visual_studio_2017::::::::

Information

Published : 2020-07-14 16:15

Updated : 2022-07-12 10:42

NVD link : CVE-2020-1147

Mitre link : CVE-2020-1147

JSON object : View

CWE

NVD-CWE-Other

Products Affected

microsoft

windows_server_2016
windows_7
windows_rt_8.1
windows_server_2019
windows_8.1
windows_10
windows_server_2008
sharepoint_server
visual_studio_2019
visual_studio_2017
.net_framework
.net_core
windows_server_2012
sharepoint_enterprise_server

7.8 /10