CVE-2020-1350

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
microsoftCNA
---
---
CVEADP
---
---
CISA-ADPADP
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
-
microsoftwindows_server_2019
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350