ID

VAR-202001-0124


CVE

CVE-2020-0605


TITLE

.NET Framework and .NET Core Vulnerable to remote code execution

Trust: 0.8

sources: JVNDB: JVNDB-2020-001110

DESCRIPTION

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606

Trust: 1.62

sources: NVD: CVE-2020-0605 // JVNDB: JVNDB-2020-001110

AFFECTED PRODUCTS

vendor:microsoftmodel:.net corescope:eqversion:3.0

Trust: 1.8

vendor:microsoftmodel:.net corescope:eqversion:3.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.5.2

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6.2

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7.2

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.8

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.0

Trust: 1.0

vendor:microsoftmodel:.net corescope:eqversion:1.0

Trust: 1.0

vendor:microsoftmodel:.net frameworkscope:eqversion:3.0 sp2

Trust: 0.8

sources: JVNDB: JVNDB-2020-001110 // NVD: CVE-2020-0605

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0605
value: HIGH

Trust: 1.0

NVD: CVE-2020-0605
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202001-474
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-0605
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-0605
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-0605
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-001110 // CNNVD: CNNVD-202001-474 // NVD: CVE-2020-0605

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-001110 // NVD: CVE-2020-0605

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-474

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-474

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001110

PATCH

title:CVE-2020-0605 | .NET Framework Remote Code Execution Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605

Trust: 0.8

title:CVE-2020-0605 | .NET Framework のリモートでコードが実行される脆弱性url:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0605

Trust: 0.8

sources: JVNDB: JVNDB-2020-001110

EXTERNAL IDS

db:NVDid:CVE-2020-0605

Trust: 2.4

db:JVNDBid:JVNDB-2020-001110

Trust: 0.8

db:CNNVDid:CNNVD-202001-474

Trust: 0.6

sources: JVNDB: JVNDB-2020-001110 // CNNVD: CNNVD-202001-474 // NVD: CVE-2020-0605

REFERENCES

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-0605

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0605

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2020/at200001.html

Trust: 0.8

url:https://vigilance.fr/vulnerability/microsoft-net-framework-vulnerabilities-of-january-31325

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-0605

Trust: 0.6

sources: JVNDB: JVNDB-2020-001110 // CNNVD: CNNVD-202001-474 // NVD: CVE-2020-0605

SOURCES

db:JVNDBid:JVNDB-2020-001110
db:CNNVDid:CNNVD-202001-474
db:NVDid:CVE-2020-0605

LAST UPDATE DATE

2024-08-14T14:32:24.360000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-001110date:2020-01-28T00:00:00
db:CNNVDid:CNNVD-202001-474date:2021-01-05T00:00:00
db:NVDid:CVE-2020-0605date:2020-01-21T21:22:31.417

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-001110date:2020-01-28T00:00:00
db:CNNVDid:CNNVD-202001-474date:2020-01-14T00:00:00
db:NVDid:CVE-2020-0605date:2020-01-14T23:15:30.427