Back to KEVs

CVE-2020-0796

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests,...

Basic Information

CVE State
PUBLISHED
Reserved Date
November 04, 2019
Published Date
March 12, 2020
Last Updated
February 04, 2025
Vendor
Microsoft
Product
Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation)
Description
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

CVSS Scores

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2022-02-10 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2025-04-19 05:29:17 UTC) Source
Used in Malware
Yes (added 2022-02-10 00:00:00 UTC) Source

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 http://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html http://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html http://packetstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.html http://packetstormsecurity.com/files/157901/Microsoft-Windows-SMBGhost-Remote-Code-Execution.html http://packetstormsecurity.com/files/158054/SMBleed-SMBGhost-Pre-Authentication-Remote-Code-Execution-Proof-Of-Concept.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-02-10 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/cve_2020_0796_smbghost.rb 2025-04-29 11:01:44 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

cve_2020_0796_smbghost

Type: metasploit • Created: Unknown

Metasploit module for CVE-2020-0796

cve_2020_0796_smbghost

Type: metasploit • Created: Unknown

Metasploit module for CVE-2020-0796

madanokr001/CVE-2020-0796

Type: github • Created: 2025-04-19 05:29:17 UTC • Stars: 1

monjheta/CVE-2020-0796

Type: github • Created: 2025-02-26 04:14:32 UTC • Stars: 0

Kaizzzo1/CVE-2020-0796

Type: github • Created: 2025-01-29 08:52:02 UTC • Stars: 1

dungnm24/CVE-2020-0796

Type: github • Created: 2023-05-29 06:31:51 UTC • Stars: 6

WindowsProtocolTestSuites is to trigger BSoD, and full exploit poc.

orangmuda/CVE-2020-0796

Type: github • Created: 2021-10-09 04:52:55 UTC • Stars: 4

Remote Code Execution POC for CVE-2020-0796

Anonimo501/SMBGhost_CVE-2020-0796_checker

Type: github • Created: 2021-09-04 15:07:15 UTC • Stars: 2

MasterSploit/LPE---CVE-2020-0796

Type: github • Created: 2020-11-20 09:00:08 UTC • Stars: 2

codewithpradhan/SMBGhost-CVE-2020-0796-

Type: github • Created: 2020-09-28 05:23:20 UTC • Stars: 2

To crash Windows-10 easily

rsmudge/CVE-2020-0796-BOF

Type: github • Created: 2020-09-17 01:48:37 UTC • Stars: 70

exp-sky/CVE-2020-0796

Type: github • Created: 2020-06-09 06:18:54 UTC • Stars: 3

SMBv3 Ghost (CVE-2020-0796) Vulnerability

syadg123/CVE-2020-0796

Type: github • Created: 2020-04-22 09:10:15 UTC • Stars: 2

thelostworldFree/CVE-2020-0796

Type: github • Created: 2020-04-22 09:09:02 UTC • Stars: 11

PoC RCE Reverse Shell for CVE-2020-0796 (SMBGhost)

jamf/CVE-2020-0796-RCE-POC

Type: github • Created: 2020-04-20 14:35:48 UTC • Stars: 553

CVE-2020-0796 Remote Code Execution POC

LabDookhtegan/CVE-2020-0796-EXP

Type: github • Created: 2020-04-02 15:32:10 UTC • Stars: 1

CVE-2020-0796-EXP

eastmountyxz/CVE-2020-0796-SMB

Type: github • Created: 2020-04-02 12:12:03 UTC • Stars: 33

该资源为CVE-2020-0796漏洞复现,包括Python版本和C++版本。主要是集合了github大神们的资源,希望您喜欢~

jiansiting/CVE-2020-0796

Type: github • Created: 2020-04-01 01:46:08 UTC • Stars: 62

tango-j/CVE-2020-0796

Type: github • Created: 2020-03-31 19:01:52 UTC • Stars: 4

Coronablue exploit

f1tz/CVE-2020-0796-LPE-EXP

Type: github • Created: 2020-03-31 11:25:50 UTC • Stars: 17

Windows SMBv3 LPE exploit 已编译版

TinToSer/CVE-2020-0796-LPE

Type: github • Created: 2020-03-31 05:41:30 UTC • Stars: 2

SMBGHOST local privilege escalation

jamf/CVE-2020-0796-LPE-POC

Type: github • Created: 2020-03-30 16:06:50 UTC • Stars: 241

CVE-2020-0796 Local Privilege Escalation POC

danigargu/CVE-2020-0796

Type: github • Created: 2020-03-30 11:42:56 UTC • Stars: 1318

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

cory-zajicek/CVE-2020-0796-DoS

Type: github • Created: 2020-03-21 18:17:10 UTC • Stars: 1

DoS PoC for CVE-2020-0796 (SMBGhost)

julixsalas/CVE-2020-0796

Type: github • Created: 2020-03-16 15:39:22 UTC • Stars: 1

Scanner for CVE-2020-0796

ran-sama/CVE-2020-0796

Type: github • Created: 2020-03-16 00:47:41 UTC • Stars: 1

Lightweight PoC and Scanner for CVE-2020-0796 without authentication.

maxpl0it/Unauthenticated-CVE-2020-0796-PoC

Type: github • Created: 2020-03-15 22:17:50 UTC • Stars: 21

An unauthenticated PoC for CVE-2020-0796

jiansiting/CVE-2020-0796-Scanner

Type: github • Created: 2020-03-15 03:17:47 UTC • Stars: 9

CVE-2020-0796-Scanner

GuoKerS/aioScan_CVE-2020-0796

Type: github • Created: 2020-03-14 23:39:25 UTC • Stars: 16

基于asyncio(协程)的CVE-2020-0796 速度还是十分可观的,方便运维师傅们对内网做下快速检测。

wsfengfan/CVE-2020-0796

Type: github • Created: 2020-03-14 05:39:37 UTC • Stars: 0

CVE-2020-0796 Python POC buffer overflow

vysecurity/CVE-2020-0796

Type: github • Created: 2020-03-13 08:34:31 UTC • Stars: 5

CVE-2020-0796 - Working PoC - 20200313

laolisafe/CVE-2020-0796

Type: github • Created: 2020-03-12 19:46:25 UTC • Stars: 2

SMBv3 RCE vulnerability in SMBv3

eerykitty/CVE-2020-0796-PoC

Type: github • Created: 2020-03-12 18:34:40 UTC • Stars: 327

PoC for triggering buffer overflow via CVE-2020-0796

xax007/CVE-2020-0796-Scanner

Type: github • Created: 2020-03-12 15:36:43 UTC • Stars: 0

CVE-2020-0796 SMBv3.1.1 Compression Capability Vulnerability Scanner

joaozietolie/CVE-2020-0796-Checker

Type: github • Created: 2020-03-11 16:23:03 UTC • Stars: 14

Script that checks if the system is vulnerable to CVE-2020-0796 (SMB v3.1.1)

T13nn3s/CVE-2020-0796

Type: github • Created: 2020-03-11 09:13:48 UTC • Stars: 28

Powershell SMBv3 Compression checker

0x25bit/CVE-2020-0796-PoC

Type: github • Created: 2020-03-10 21:40:57 UTC • Stars: 19

Weaponized PoC for SMBv3 TCP codec/compression vulnerability