Attacker Value
High
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Local
4

CVE-2020-1147

Disclosure Date: July 14, 2020
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka ‘.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability’.

Add Assessment

CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • microsoft

Products

  • .net core 2.1,
  • .net core 3.1,
  • .net framework 2.0,
  • .net framework 3.0,
  • .net framework 3.5,
  • .net framework 3.5.1,
  • .net framework 4.5.2,
  • .net framework 4.6,
  • .net framework 4.6.1,
  • .net framework 4.6.2,
  • .net framework 4.7,
  • .net framework 4.7.1,
  • .net framework 4.7.2,
  • .net framework 4.8,
  • sharepoint enterprise server 2013,
  • sharepoint enterprise server 2016,
  • sharepoint server 2010,
  • sharepoint server 2019,
  • visual studio 2017,
  • visual studio 2019

Exploited in the Wild

Reported by:
Technical Analysis