cve-2020-0796/cve-2020-0796
CVE-2020-0796 - a wormable SMBv3 vulnerability. How to work.
| repo name | cve-2020-0796/cve-2020-0796 |
| repo link | https://github.com/cve-2020-0796/cve-2020-0796 |
| homepage | |
| language | Python |
| size (curr.) | 27 kB |
| stars (curr.) | 129 |
| created | 2020-03-11 |
| license | |
CVE-2020-0796
To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.
Workacounds: Disable SMBv3 compression: You can disable compression to block unauthenticated attackers from exploiting the vulnerability against an SMBv3 Server with the PowerShell command below.
- Block TCP port 445 at the enterprise perimeter firewall
- Follow Microsoft guidelines to prevent SMB traffic from lateral connections and entering or leaving the network Preventing SMB traffic from lateral connections and entering or leaving the network
- Are older versions of Windows (other than what is listed in the Security Updates table) affected by this vulnerability?
