CVE-2020-0611 | ByteOS Network

Vulnerability Details :

CVE-2020-0611

Assigner-microsoft

Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8

Published At-14 Jan, 2020 | 23:11

Updated At-04 Aug, 2024 | 06:11

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:microsoft

Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8

Published At:14 Jan, 2020 | 23:11

Updated At:04 Aug, 2024 | 06:11

▼CVE Numbering Authority (CNA)

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

Affected Products

Vendor

Microsoft Corporation

Product

Versions

Affected

10 Version 1803 for 32-bit Systems
10 Version 1803 for x64-based Systems
10 Version 1803 for ARM64-based Systems
10 Version 1809 for 32-bit Systems
10 Version 1809 for x64-based Systems
10 Version 1809 for ARM64-based Systems
10 Version 1709 for 32-bit Systems
10 Version 1709 for x64-based Systems
10 Version 1709 for ARM64-based Systems
10 for 32-bit Systems
10 for x64-based Systems
10 Version 1607 for 32-bit Systems
10 Version 1607 for x64-based Systems
7 for 32-bit Systems Service Pack 1
7 for x64-based Systems Service Pack 1
8.1 for 32-bit systems
8.1 for x64-based systems
RT 8.1

Vendor

Microsoft Corporation

Product

Versions

Affected

version 1803 (Core Installation)
2019
2019 (Core installation)
2016
2016 (Core installation)
2008 R2 for Itanium-Based Systems Service Pack 1
2008 R2 for x64-based Systems Service Pack 1
2008 R2 for x64-based Systems Service Pack 1 (Core installation)
2012
2012 (Core installation)
2012 R2
2012 R2 (Core installation)

Vendor

Microsoft Corporation

Product

Windows 10 Version 1903 for 32-bit Systems

Versions

Affected

unspecified

Vendor

Microsoft Corporation

Product

Windows 10 Version 1903 for x64-based Systems

Versions

Affected

unspecified

Vendor

Microsoft Corporation

Product

Windows 10 Version 1903 for ARM64-based Systems

Versions

Affected

unspecified

Vendor

Microsoft Corporation

Product

Windows Server, version 1903 (Server Core installation)

Versions

Affected

unspecified

Vendor

Microsoft Corporation

Product

Windows 10 Version 1909 for 32-bit Systems

Versions

Affected

unspecified

Vendor

Microsoft Corporation

Product

Windows 10 Version 1909 for x64-based Systems

Versions

Affected

unspecified

Vendor

Microsoft Corporation

Product

Windows 10 Version 1909 for ARM64-based Systems

Versions

Affected

unspecified

Vendor

Microsoft Corporation

Product

Windows Server, version 1909 (Server Core installation)

Versions

Affected

unspecified

Problem Types

Type	CWE ID	Description
text	N/A	Remote Code Execution

Type: text

CWE ID: N/A

Description: Remote Code Execution

References

Hyperlink	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611	x_refsource_MISC

Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611	x_refsource_MISC x_transferred

Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

Source:secure@microsoft.com

Published At:14 Jan, 2020 | 23:15

Updated At:21 Jul, 2021 | 11:39

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 5.1

Base severity: MEDIUM

Vector:

AV:N/AC:H/Au:N/C:P/I:P/A:P

CPE Matches

Microsoft Corporation

>>windows_10>>-

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1607

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1709

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1803

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1809

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1903

cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1909

cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_8.1>>*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_rt_8.1>>*

cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

Microsoft Corporation

>>windows_server_2012>>-

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2012>>r2

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>-

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>1803

cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>1903

cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>1909

cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2019>>-

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611	secure@microsoft.com	Patch Vendor Advisory

Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611

Source: secure@microsoft.com

Resource:

Patch

Vendor Advisory