CVE-2020-0646

CRITICALCISA KEV

9.8

Description

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/14/2020

Derniere modification10/29/2025

Sourcekev

Observations honeypot0

CISA KEV

FournisseurMicrosoft

Produit.NET Framework

Nom vulnerabiliteMicrosoft .NET Framework Remote Code Execution Vulnerability

Date ajout KEV2021-11-03

Date limite remediation2022-05-03

Utilise dans ransomwareUnknown

Produits affectes

microsoft:.net_frameworkmicrosoft:windows_10_1507microsoft:windows_10_1607microsoft:windows_10_1709microsoft:windows_10_1803microsoft:windows_10_1809microsoft:windows_10_1903microsoft:windows_10_1909microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016microsoft:windows_server_2019

Faiblesses (CWE)

CWE-91CWE-91

References

http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html(secure@microsoft.com)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646(secure@microsoft.com)

http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html(af854a3a-2127-422b-91ae-364da2661108)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0646(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.