CVE-2020-0796 — Microsoft SMBv3 Remote Code Execution Vulnerability
2022-02-10 • CISA Known Exploited Vulnerability
[event] A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Microsoft |
| Product | SMBv3 |
| CWE | CWE-119 |
| CVE ID | CVE-2020-0796 |
| Date Added | 2022-02-10 |
| Due Date | 2022-08-10 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-08-10