ID

VAR-202001-0125


CVE

CVE-2020-0606


TITLE

.NET Framework and .NET Core Vulnerable to remote code execution

Trust: 0.8

sources: JVNDB: JVNDB-2020-001106

DESCRIPTION

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605

Trust: 1.71

sources: NVD: CVE-2020-0606 // JVNDB: JVNDB-2020-001106 // VULMON: CVE-2020-0606

AFFECTED PRODUCTS

vendor:microsoftmodel:.net corescope:eqversion:3.0

Trust: 1.8

vendor:microsoftmodel:.net corescope:eqversion:3.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.5.2

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6.2

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7.2

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.8

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.0

Trust: 1.0

vendor:microsoftmodel:.net frameworkscope:eqversion:3.0 sp2

Trust: 0.8

sources: JVNDB: JVNDB-2020-001106 // NVD: CVE-2020-0606

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0606
value: HIGH

Trust: 1.0

NVD: CVE-2020-0606
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202001-469
value: HIGH

Trust: 0.6

VULMON: CVE-2020-0606
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-0606
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-0606
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-0606
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-0606 // JVNDB: JVNDB-2020-001106 // CNNVD: CNNVD-202001-469 // NVD: CVE-2020-0606

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-001106 // NVD: CVE-2020-0606

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-469

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-469

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001106

PATCH

title:CVE-2020-0606 | .NET Framework Remote Code Execution Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606

Trust: 0.8

title:CVE-2020-0606 | .NET Framework のリモートでコードが実行される脆弱性url:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0606

Trust: 0.8

title:Microsoft .NET Repair measures for software security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108467

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2020/01/14/patch_tuesday_january_2020/

Trust: 0.2

title:ZYXEl-CTF-WriteUpurl:https://github.com/HeiTang/ZYXEl-CTF-WriteUp

Trust: 0.1

title:Symantec Threat Intelligence Blogurl:https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-january-2020

Trust: 0.1

sources: VULMON: CVE-2020-0606 // JVNDB: JVNDB-2020-001106 // CNNVD: CNNVD-202001-469

EXTERNAL IDS

db:NVDid:CVE-2020-0606

Trust: 2.5

db:JVNDBid:JVNDB-2020-001106

Trust: 0.8

db:CNNVDid:CNNVD-202001-469

Trust: 0.6

db:VULMONid:CVE-2020-0606

Trust: 0.1

sources: VULMON: CVE-2020-0606 // JVNDB: JVNDB-2020-001106 // CNNVD: CNNVD-202001-469 // NVD: CVE-2020-0606

REFERENCES

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-0606

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0606

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2020/at200001.html

Trust: 0.8

url:https://vigilance.fr/vulnerability/microsoft-net-framework-vulnerabilities-of-january-31325

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-0606

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111384

Trust: 0.1

sources: VULMON: CVE-2020-0606 // JVNDB: JVNDB-2020-001106 // CNNVD: CNNVD-202001-469 // NVD: CVE-2020-0606

SOURCES

db:VULMONid:CVE-2020-0606
db:JVNDBid:JVNDB-2020-001106
db:CNNVDid:CNNVD-202001-469
db:NVDid:CVE-2020-0606

LAST UPDATE DATE

2024-08-14T15:33:44.342000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-0606date:2020-01-17T00:00:00
db:JVNDBid:JVNDB-2020-001106date:2020-01-28T00:00:00
db:CNNVDid:CNNVD-202001-469date:2021-01-04T00:00:00
db:NVDid:CVE-2020-0606date:2020-01-17T03:03:34.437

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-0606date:2020-01-14T00:00:00
db:JVNDBid:JVNDB-2020-001106date:2020-01-28T00:00:00
db:CNNVDid:CNNVD-202001-469date:2020-01-14T00:00:00
db:NVDid:CVE-2020-0606date:2020-01-14T23:15:30.487