CVE-2020-1383

Опубликовано: 17 авг. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable. The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1383
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1383
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00958

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-1383

CVSS3: 5.5

msrc

почти 5 лет назад

Windows RRAS Service Information Disclosure Vulnerability

GHSA-fwg6-66g7-28f5

CVSS3: 5.5

github

около 3 лет назад

An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled, aka 'Windows RRAS Service Information Disclosure Vulnerability'.

BDU:2020-04020

CVSS3: 5.5

fstec

почти 5 лет назад

Уязвимость службы маршрутизации и удаленного доступа Windows RRAS операционных систем Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 75%

0.00958

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

NVD-CWE-noinfo