Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-0856

Опубликовано: 11 сент. 2020
Источник: nvd
CVSS3: 6.5
CVSS2: 4
EPSS Средний

Описание

An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system.

To exploit this condition, an authenticated attacker would need to send a specially crafted request to the AD|DNS service. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system.

The update addresses the vulnerability by correcting how Active Directory integrated DNS (ADIDNS) handles objects in memory.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 95%
0.18824
Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

msrc логотип

CVE-2020-0856

CVSS3: 6.5
msrc
почти 5 лет назад

Active Directory Information Disclosure Vulnerability

github логотип

GHSA-hg96-hf3m-f7hp

CVSS3: 6.5
github
около 3 лет назад

An information disclosure vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory, aka 'Active Directory Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0664.

fstec логотип

BDU:2020-04313

CVSS3: 6.5
fstec
почти 5 лет назад

Уязвимость компонента Active Directory integrated DNS (ADIDNS) операционных систем Microsoft Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 95%
0.18824
Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo