Informazioni sul CVE-2020-1472
Netlogon Elevation of Privilege Vulnerability
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2020-1472
Descrizione: An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
Vettore di attacco CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: Accesso: Local, Privilegi: Low, Interazione utente: None, Confidenzialità: High, Integrità: None, Disponibilità: None.
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|---|---|---|
| Attack Vector (AV) | L | Local | L’attaccante deve avere accesso locale al sistema. |
| Attack Complexity (AC) | L | Low | L’attacco non richiede condizioni particolari. |
| Privileges Required (PR) | L | Low | Richiede pochi privilegi. |
| User Interaction (UI) | N | None | Non è richiesta interazione dell’utente. |
| Scope (S) | U | Unchanged | Il raggio d’azione non cambia. |
| Confidentiality Impact (C) | H | High | Grave impatto sulla riservatezza. |
| Integrity Impact (I) | N | None | Nessun impatto sull’integrità. |
| Availability Impact (A) | N | None | Nessun impatto sulla disponibilità. |
| Exploit Code Maturity (E) | P | Proof-of-Concept | Esistono PoC. |
| Remediation Level (RL) | O | Official Fix | Patch ufficiale disponibile. |
| Report Confidence (RC) | C | Confirmed | Confermata ufficialmente. |
Riferimenti esterni
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
- https://www.kb.cert.org/vuls/id/490028
- http://www.openwall.com/lists/oss-security/2020/09/17/2
- https://usn.ubuntu.com/4510-1/
- https://usn.ubuntu.com/4510-2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4OTFBL6YDVFH2TBJFJIE4FMHPJEEJK3/
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00080.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00086.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAPQQZZAT4TG3XVRTAFV2Y3S7OAHFBUP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ST6X3A2XXYMGD4INR26DQ4FP4QSM753B/
- https://usn.ubuntu.com/4559-1/
- https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
- https://security.gentoo.org/glsa/202012-24
- https://www.oracle.com/security-alerts/cpuApr2021.html
- http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html
- https://www.synology.com/security/advisory/Synology_SA_20_21
- http://packetstormsecurity.com/files/160127/Zerologon-Netlogon-Privilege-Escalation.html
Prodotti interessati
- Microsoft – Windows Server version 2004
- Microsoft – Windows Server 2019
- Microsoft – Windows Server 2019 (Server Core installation)
- Microsoft – Windows Server, version 1909 (Server Core installation)
- Microsoft – Windows Server, version 1903 (Server Core installation)
- Microsoft – Windows Server 2016
- Microsoft – Windows Server 2016 (Server Core installation)
- Microsoft – Windows Server 2008 R2 Service Pack 1
- Microsoft – Windows Server 2008 R2 Service Pack 1 (Server Core installation)
- Microsoft – Windows Server 2012
- Microsoft – Windows Server 2012 (Server Core installation)
- Microsoft – Windows Server 2012 R2
- Microsoft – Windows Server 2012 R2 (Server Core installation)
- Microsoft – Windows Server version 20H2
Relazioni con altri prodotti
Produttore:Microsoft
Prodotto: Windows Server 2019
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: Windows Server 2019 (Server Core installation)
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: Windows Server 2016
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: Windows Server 2016 (Server Core installation)
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: Windows Server 2008 R2 Service Pack 1
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: Windows Server 2008 R2 Service Pack 1 (Server Core installation)
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: Windows Server 2012
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: Windows Server 2012 (Server Core installation)
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: Windows Server 2012 R2
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: Windows Server 2012 R2 (Server Core installation)
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: Windows Server
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: version 1903 (Server Core installation)
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: version 1909 (Server Core installation)
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: Windows Server version 2004
Anno: 2020
CWE:
CVSS: 0.0
Produttore:Microsoft
Prodotto: Windows Server version 20H2
Anno: 2020
CWE:
CVSS: 0.0