CVE-2020-0796

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

Weakness: Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Published: 2020-03-12

Vulnerable Products

• Windows Server 2016
• Windows 10

Community Advisory

This section is open source, for any additional information that enhances or clarifies the official advisory above.

Improve Advisory

CVE-2020-0796 Exploits (78)

• danigargu/CVE-2020-0796 ( 1089)
• ollypwn/SMBGhost ( 580)
• ZecOps/CVE-2020-0796-RCE-POC ( 357)
• eerykitty/CVE-2020-0796-PoC ( 265)
• ZecOps/CVE-2020-0796-LPE-POC ( 215)
• Barriuso/SMBGhost_AutomateExploitation ( 93)
• Rvn0xsy/CVE_2020_0796_CNA ( 66)
• ioncodes/SMBGhost ( 54)
• rsmudge/CVE-2020-0796-BOF ( 51)
• jiansiting/CVE-2020-0796 ( 43)

Show all exploits (+68):

• k8gege/PyLadon ( 35)
• T13nn3s/CVE-2020-0796 ( 29)
• ZecOps/SMBGhost-SMBleed-scanner ( 27)
• eastmountyxz/CVE-2020-0796-SMB ( 27)
• maxpl0it/Unauthenticated-CVE-2020-0796-PoC ( 21)
• Aekras1a/CVE-2020-0796-PoC ( 20)
• Almorabea/SMBGhost-LPE-Metasploit-Module ( 20)
• GuoKerS/aioScan_CVE-2020-0796 ( 16)
• gabimarti/SMBScanner ( 13)
• joaozietolie/CVE-2020-0796-Checker ( 12)
• insightglacier/SMBGhost_Crash_Poc ( 11)
• w1ld3r/SMBGhost_Scanner ( 11)
• f1tz/CVE-2020-0796-LPE-EXP ( 11)
• dickens88/cve-2020-0796-scanner ( 10)
• jiansiting/CVE-2020-0796-Scanner ( 9)
• thelostworldFree/CVE-2020-0796 ( 9)
• ButrintKomoni/cve-2020-0796 ( 6)
• technion/DisableSMBCompression ( 6)
• vysecurity/CVE-2020-0796 ( 5)
• wneessen/SMBCompScan ( 4)
• exp-sky/CVE-2020-0796 ( 3)
• tango-j/CVE-2020-0796 ( 3)
• laolisafe/CVE-2020-0796 ( 2)
• cory-zajicek/CVE-2020-0796-DoS ( 1)
• BinaryShadow94/SMBv3.1.1-scan---CVE-2020-0796 ( 1)
• MasterSploit/LPE---CVE-2020-0796 ( 1)
• awareseven/eternalghosttest ( 1)
• sujitawake/smbghost ( 1)
• LabDookhtegan/CVE-2020-0796-EXP ( 1)
• codewithpradhan/SMBGhost-CVE-2020-0796- ( 1)
• netscylla/SMBGhost ( 1)
• AaronWilsonGrylls/CVE-2020-0796-POC
• IAreKyleW00t/SMBGhosts
• TinToSer/CVE-2020-0796-LPE
• UraSecTeam/smbee
• aloswoya/CVE-2020-0796-cobaltstrike-cna
• bacth0san96/SMBGhostScanner
• getdrive/smbghost
• halsten/CVE-2020-0796
• julixsalas/CVE-2020-0796
• kn6869610/CVE-2020-0796
• marcinguy/CVE-2020-0796
• plorinquer/cve-2020-0796
• section-c/CVE-2020-0796
• tripledd/cve-2020-0796-vuln
• wsfengfan/CVE-2020-0796
• ysyyrps123/CVE-2020-0796
• darthploit/CVE-2020-0796
• darthploit/CVE-2020-0796-POC
• gavz/CVE-2020-0796
• gavz/CVE-2020-0796-POC
• ran-sama/cve-2020-0796
• rapid7/metasploit-framework/modules/exploits/windows/local/cve_2020_0796_smbghost.rb
• datntsec/CVE-2020-0796
• xax007/CVE-2020-0796-Scanner
• Dhoomralochana/Scanners-for-CVE-2020-0796-Testing
• Almorabea/SMBGhost-WorkaroundApplier
• ran-sama/CVE-2020-0796
• 5l1v3r1/CVE-2020-0796-PoC-and-Scan
• intelliroot-tech/cve-2020-0796-Scanner
• 1060275195/SMBGhost
• 5l1v3r1/smbghost-5
• weidutech/CVE-2020-0796-PoC
• alexa872/CVE-2020-0796
• 5l1v3r1/SMBGhost_Crash_Poc
• ysyyrps123/CVE-2020-0796-exp
• DreamoneOnly/CVE-2020-0796-LPE
• 0xtobu/CVE-2020-0796

Official CVE References

View references (7)

• packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html
• packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html
• packetstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.html
• packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.html
• packetstormsecurity.com/files/157901/Microsoft-Windows-SMBGhost-Remote-Code-Execution.html
• packetstormsecurity.com/files/158054/SMBleed-SMBGhost-Pre-Authentication-Remote-Code-Execution-Proof-Of-Concept.html
• msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796