CVE-2020-1206

HIGH EXPLOITED

Windows 10 and Windows Server 2016 - Information Disclosure via SMBv3 Uninitialized Memory Read

Exploitation Summary

CVE-2020-1206 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including jamf and datntsec.

Description

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.

Exploits (3)

nomisec WORKING POC 147 stars
by jamf · poc
https://github.com/jamf/CVE-2020-1206-POC

This repository contains PowerShell scripts demonstrating exploitation of CVE-2020-1206, a vulnerability in Microsoft Windows. The scripts include various administrative tasks such as adding users to local groups, creating DFS folders, and adding printers, which can be leveraged for privilege escalation or lateral movement.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows (various versions)
Auth required
Prerequisites: Access to a vulnerable Windows system · Local or domain administrative privileges to execute scripts
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP
by datntsec · poc
https://github.com/datntsec/CVE-2020-1206

This repository contains a detailed writeup in Vietnamese explaining the CVE-2020-1206 (SMBleed) vulnerability, which allows information leakage in the SMB protocol. It describes how the vulnerability can be exploited to leak kernel memory addresses and potentially combined with CVE-2020-0796 (SMBGhost) for remote code execution.

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows SMBv3 (srv2.sys)
Auth required
Prerequisites: Network access to the target SMB server · Valid SMB session setup (authentication required)
devstral-2 · analyzed Feb 16, 2026

inthewild WORKING POC
poc
https://github.com/zecops/cve-2020-1206-poc

This repository contains functional PowerShell scripts demonstrating CVE-2020-1206, a vulnerability in Microsoft Windows. The scripts include various administrative tasks that could be exploited to manipulate system configurations, user permissions, and network settings.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows (various versions)
Auth required
Prerequisites: Administrative privileges · Access to target system
devstral-2 · analyzed Feb 23, 2026

Scores

CVSS v3: 7.5
EPSS: 0.3423
EPSS Percentile: 97.1%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV: 2023-12-20
CWE: CWE-908
Status: published
Products (6):
microsoft/windows_10 1903
microsoft/windows_10 1909
microsoft/windows_10 2004
microsoft/windows_server_2016 1903
microsoft/windows_server_2016 1909
microsoft/windows_server_2016 2004
Published: Jun 09, 2020
Tracked Since: Feb 18, 2026