CVE-2020-16894

Опубликовано: 16 окт. 2020

Источник: nvd

CVSS3: 7.7

CVSS2: 6.8

EPSS Низкий

Описание

A denial of service vulnerability exists when Windows Network Address Translation (NAT) on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.

To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

The update addresses the vulnerability by modifying how Windows NAT accesses the host.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16894
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16894
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02622

Низкий

7.7 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-16894

CVSS3: 7.7

msrc

больше 4 лет назад

Windows NAT Denial of Service Vulnerability

GHSA-c7jg-8cqr-88pq

CVSS3: 7.7

github

около 3 лет назад

A remote code execution vulnerability exists when Windows Network Address Translation (NAT) fails to properly handle UDP traffic, aka 'Windows NAT Remote Code Execution Vulnerability'.

BDU:2020-04761

CVSS3: 7.7

fstec

больше 4 лет назад

Уязвимость реализации технологии Network Address Translation операционной системы Windows, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 85%

0.02622

Низкий

7.7 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo