Sign-up

ID

VAR-202001-0125


CVE

CVE-2020-0606


TITLE

.NET Framework and .NET Core Vulnerable to remote code execution

Trust: 0.8

sources: JVNDB: JVNDB-2020-001106

DESCRIPTION

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605

Trust: 1.71

sources: NVD: CVE-2020-0606 // JVNDB: JVNDB-2020-001106 // VULMON: CVE-2020-0606

AFFECTED PRODUCTS

vendor:microsoftmodel:.net corescope:eqversion:3.0

Trust: 1.8

vendor:microsoftmodel:.net corescope:eqversion:3.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.5.2

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6.2

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7.1

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7.2

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:4.8

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.0

Trust: 1.0

vendor:microsoftmodel:.net frameworkscope:eqversion:3.0 sp2

Trust: 0.8

sources: JVNDB: JVNDB-2020-001106 // NVD: CVE-2020-0606

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0606
value: HIGH

Trust: 1.0

NVD: CVE-2020-0606
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202001-469
value: HIGH

Trust: 0.6

VULMON: CVE-2020-0606
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-0606
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-0606
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-0606
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-0606 // JVNDB: JVNDB-2020-001106 // CNNVD: CNNVD-202001-469 // NVD: CVE-2020-0606

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-001106 // NVD: CVE-2020-0606

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-469

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-469

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001106

PATCH
title:CVE-2020-0606 | .NET Framework Remote Code Execution Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606
Trust: 0.8
title:CVE-2020-0606 | .NET Framework のリモートでコードが実行される脆弱性url:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0606
Trust: 0.8
title:Microsoft .NET Repair measures for software security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108467
Trust: 0.6
title:The Registerurl:https://www.theregister.co.uk/2020/01/14/patch_tuesday_january_2020/
Trust: 0.2
title:ZYXEl-CTF-WriteUpurl:https://github.com/HeiTang/ZYXEl-CTF-WriteUp 
Trust: 0.1
title:Symantec Threat Intelligence Blogurl:https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-january-2020
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-0606 // 
            
            
            
            JVNDB: JVNDB-2020-001106 // 
            
            
            
            CNNVD: CNNVD-202001-469

EXTERNAL IDS
db:NVDid:CVE-2020-0606
Trust: 2.5
db:JVNDBid:JVNDB-2020-001106
Trust: 0.8
db:CNNVDid:CNNVD-202001-469
Trust: 0.6
db:VULMONid:CVE-2020-0606
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-0606 // 
            
            
            
            JVNDB: JVNDB-2020-001106 // 
            
            
            
            CNNVD: CNNVD-202001-469 // 
            
            
            
            NVD: CVE-2020-0606

REFERENCES
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-0606
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0606
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html
Trust: 0.8
url:https://www.jpcert.or.jp/at/2020/at200001.html
Trust: 0.8
url:https://vigilance.fr/vulnerability/microsoft-net-framework-vulnerabilities-of-january-31325
Trust: 0.6
url:https://access.redhat.com/security/cve/cve-2020-0606
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111384
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-0606 // 
            
            
            
            JVNDB: JVNDB-2020-001106 // 
            
            
            
            CNNVD: CNNVD-202001-469 // 
            
            
            
            NVD: CVE-2020-0606

SOURCES
db:VULMONid:CVE-2020-0606
db:JVNDBid:JVNDB-2020-001106
db:CNNVDid:CNNVD-202001-469
db:NVDid:CVE-2020-0606

LAST UPDATE DATE
2024-08-14T15:33:44.342000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2020-0606date:2020-01-17T00:00:00
db:JVNDBid:JVNDB-2020-001106date:2020-01-28T00:00:00
db:CNNVDid:CNNVD-202001-469date:2021-01-04T00:00:00
db:NVDid:CVE-2020-0606date:2020-01-17T03:03:34.437

SOURCES RELEASE DATE
db:VULMONid:CVE-2020-0606date:2020-01-14T00:00:00
db:JVNDBid:JVNDB-2020-001106date:2020-01-28T00:00:00
db:CNNVDid:CNNVD-202001-469date:2020-01-14T00:00:00
db:NVDid:CVE-2020-0606date:2020-01-14T23:15:30.487