Unknown
CVE-2020-17049
Add Reference
Description
URL
Type
CVE-2020-17049
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Add Assessment
Technical Analysis
Technical analysis and exploit of the vulnerability are now publicly available:
https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-overview/
https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-theory/
https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/
Technical Analysis
Based on https://twitter.com/jakekarnes42/status/1329825159247642624
“The vulnerability impacts constrained delegation, which could be present in a single domain/forest. “
Note that the patch itself requires registry keys to be entered. Merely installing updates does not appear to protect the domain. There are issues introduced by this patch with Citrix and Federated Authentication service. (source https://twitter.com/mrgrayaz/status/1328517824633978912)
CVSS V3 Severity and Metrics
General Information
Vendors
- Microsoft
Products
- Windows Server,
- Windows Server, version 1909 (Server Core installation),
- Windows Server, version 1903 (Server Core installation),
- Windows Server, version 2004 (Server Core installation),
- Windows Server, version 20H2 (Server Core Installation)
References
Additional Info
Technical Analysis
Report as Exploited in the Wild
What do we mean by "exploited in the wild"?
By selecting this, you are verifying to the AttackerKB community that either you, or a reputable source (example: a security vendor or researcher), has observed an active attempt by attackers, or IOCs related, to exploit this vulnerability outside of a research environment.
A vulnerability should also be considered "exploited in the wild" if there is a publicly available PoC or exploit (example: in an exploitation framework like Metasploit).