CVE-2020-0665

HIGH

Active Directory - Privilege Escalation


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-0665. PoCs published by gunzf0x.

AI-analyzed exploit summary: This PoC exploits CVE-2020-0665, a SID filter bypass vulnerability, by using Frida to intercept and hook processes (e.g., lsass.exe) to manipulate SID values in memory. It requires SYSTEM privileges and targets Windows Server environments.

Description

An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.

Exploits (1)

nomisec · WORKING POC · 1 star
by gunzf0x · poc
https://github.com/gunzf0x/CVE-2020-0665


Classification: Working Poc 95%
Attack Type: Auth Bypass
Complexity: Complex
Reliability: Reliable
Target: Windows Server (e.g., Server 2016 v1607)
Auth required
Prerequisites: SYSTEM privileges · Frida library · Target process (e.g., lsass.exe)
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.1
EPSS: 0.0428
EPSS Percentile: 89.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status: published
Products (19):
microsoft/windows_10
microsoft/windows_10 1607
microsoft/windows_10 1709
microsoft/windows_10 1803
microsoft/windows_10 1809
microsoft/windows_10 1903
microsoft/windows_10 1909
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 9 more
Published: Feb 11, 2020
Tracked Since: Feb 18, 2026