CVE-2020-0646
CRITICAL KEV NUCLEIMicrosoft .net Framework - Remote Code Execution
Title source: ruleDescription
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/48275
metasploit
WORKING POC
EXCELLENT
by Spencer McIntyre, Soroush Dalili · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sharepoint_workflows_xoml.rb
Nuclei Templates (1)
Microsoft .NET Framework - Remote Code Execution
CRITICALVERIFIEDby pszyszkowski
Shodan:
server:"ms .net remoting"
References (3)
Scores
CVSS v3
9.8
EPSS
0.9386
EPSS Percentile
99.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV
2021-11-03
VulnCheck KEV
2021-11-03
InTheWild.io
2021-07-23
ENISA EUVD
EUVD-2020-2140
CWE
CWE-91
Status
published
Products (11)
microsoft/.net_framework
3.0 sp2
microsoft/.net_framework
3.5
microsoft/.net_framework
4.6.2
microsoft/.net_framework
4.7
microsoft/.net_framework
4.7.1
microsoft/.net_framework
4.7.2
microsoft/.net_framework
4.8
microsoft/.net_framework
3.5.1
microsoft/.net_framework
4.5.2
microsoft/.net_framework
4.6
... and 1 more
Published
Jan 14, 2020
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026