CVE-2020-0910

HIGH

Microsoft Windows 10 - Improper Input Validation

Title source: rule

Description

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.

Exploits (1)

nomisec WORKING POC

by kfmgang · poc

https://github.com/kfmgang/CVE-2020-0910

View Code ZIP pw:eip

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0910

Scores

CVSS v3 8.4

EPSS 0.1477

EPSS Percentile 94.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (6)

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_10 1909

microsoft/windows_server_2016 1903

microsoft/windows_server_2016 1909

microsoft/windows_server_2019

Published Apr 15, 2020

Tracked Since Feb 18, 2026