Sign-up

ID

VAR-202001-0124


CVE

CVE-2020-0605


TITLE

.NET Framework and .NET Core Vulnerable to remote code execution

Trust: 0.8

sources: JVNDB: JVNDB-2020-001110

DESCRIPTION

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606

Trust: 1.62

sources: NVD: CVE-2020-0605 // JVNDB: JVNDB-2020-001110

AFFECTED PRODUCTS

vendor:microsoftmodel:.net corescope:eqversion:3.0

Trust: 1.8

vendor:microsoftmodel:.net corescope:eqversion:3.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.5.2

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6.2

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7.2

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.8

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.0

Trust: 1.0

vendor:microsoftmodel:.net corescope:eqversion:1.0

Trust: 1.0

vendor:microsoftmodel:.net frameworkscope:eqversion:3.0 sp2

Trust: 0.8

sources: JVNDB: JVNDB-2020-001110 // NVD: CVE-2020-0605

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0605
value: HIGH

Trust: 1.0

NVD: CVE-2020-0605
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202001-474
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-0605
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-0605
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-0605
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-001110 // CNNVD: CNNVD-202001-474 // NVD: CVE-2020-0605

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-001110 // NVD: CVE-2020-0605

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-474

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-474

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001110

PATCH
title:CVE-2020-0605 | .NET Framework Remote Code Execution Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605
Trust: 0.8
title:CVE-2020-0605 | .NET Framework のリモートでコードが実行される脆弱性url:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0605
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-001110

EXTERNAL IDS
db:NVDid:CVE-2020-0605
Trust: 2.4
db:JVNDBid:JVNDB-2020-001110
Trust: 0.8
db:CNNVDid:CNNVD-202001-474
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-001110 // 
            
            
            
            CNNVD: CNNVD-202001-474 // 
            
            
            
            NVD: CVE-2020-0605

REFERENCES
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-0605
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0605
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html
Trust: 0.8
url:https://www.jpcert.or.jp/at/2020/at200001.html
Trust: 0.8
url:https://vigilance.fr/vulnerability/microsoft-net-framework-vulnerabilities-of-january-31325
Trust: 0.6
url:https://access.redhat.com/security/cve/cve-2020-0605
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-001110 // 
            
            
            
            CNNVD: CNNVD-202001-474 // 
            
            
            
            NVD: CVE-2020-0605

SOURCES
db:JVNDBid:JVNDB-2020-001110
db:CNNVDid:CNNVD-202001-474
db:NVDid:CVE-2020-0605

LAST UPDATE DATE
2024-08-14T14:32:24.360000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-001110date:2020-01-28T00:00:00
db:CNNVDid:CNNVD-202001-474date:2021-01-05T00:00:00
db:NVDid:CVE-2020-0605date:2020-01-21T21:22:31.417

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-001110date:2020-01-28T00:00:00
db:CNNVDid:CNNVD-202001-474date:2020-01-14T00:00:00
db:NVDid:CVE-2020-0605date:2020-01-14T23:15:30.427