CVE-2020-1206

HIGH EXPLOITED

Microsoft SMBv3 - Info Disclosure

Title source: llm

Description

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.

Exploits (5)

nomisec WORKING POC 147 stars
by jamf · poc
https://github.com/jamf/CVE-2020-1206-POC
nomisec WRITEUP
by datntsec · poc
https://github.com/datntsec/CVE-2020-1206
inthewild WORKING POC
poc
https://github.com/zecops/cve-2020-1206-poc

References (2)

Scores

CVSS v3 7.5
EPSS 0.3125
EPSS Percentile 96.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-12-20
CWE
CWE-908
Status published
Products (6)
microsoft/windows_10 1903
microsoft/windows_10 1909
microsoft/windows_10 2004
microsoft/windows_server_2016 1903
microsoft/windows_server_2016 1909
microsoft/windows_server_2016 2004
Published Jun 09, 2020
Tracked Since Feb 18, 2026