Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2020-0796
PUBLISHEDA remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests,...
- Vendor
- Microsoft
- Product
- Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation)
- Published
- Mar 12, 2020
- EPSS
- —
Description
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV:N/AC:L/Au:N/C:P/I:P/A:P
SSVC decision points
- Exploitation
- active
- Automatable
- No
- Technical impact
- total
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
- http://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.html
- http://packetstormsecurity.com/files/157901/Microsoft-Windows-SMBGhost-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158054/SMBleed-SMBGhost-Pre-Authentication-Remote-Code-Execution-Proof-Of-Concept.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Feb 10, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2020/CVE-2020-0796.yaml | Jun 01, 2026 |
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/cve_2020_0796_smbghost.rb | Apr 29, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2025-04-19 05:29:17 UTC · 1 stars
github · Created 2025-02-26 04:14:32 UTC · 0 stars
github · Created 2025-01-29 08:52:02 UTC · 1 stars
github · Created 2023-05-29 06:31:51 UTC · 6 stars
WindowsProtocolTestSuites is to trigger BSoD, and full exploit poc.
github · Created 2023-01-29 04:29:49 UTC · 0 stars
windows 10 SMB vulnerability
github · Created 2022-06-07 17:16:16 UTC · 1 stars
CVE-2020-0796 explanation and researching vulnerability for term porject CENG325
github · Created 2021-10-09 04:52:55 UTC · 4 stars
Remote Code Execution POC for CVE-2020-0796
github · Created 2021-09-04 15:07:15 UTC · 2 stars
github · Created 2020-11-20 09:00:08 UTC · 2 stars
github · Created 2020-09-28 05:23:20 UTC · 2 stars
To crash Windows-10 easily
github · Created 2020-09-17 01:48:37 UTC · 70 stars
github · Created 2020-06-09 06:18:54 UTC · 3 stars
SMBv3 Ghost (CVE-2020-0796) Vulnerability
github · Created 2020-05-28 08:41:12 UTC · 0 stars
github · Created 2020-04-22 09:10:15 UTC · 2 stars
github · Created 2020-04-22 09:09:02 UTC · 11 stars
PoC RCE Reverse Shell for CVE-2020-0796 (SMBGhost)
github · Created 2020-04-20 14:35:48 UTC · 553 stars
CVE-2020-0796 Remote Code Execution POC
github · Created 2020-04-02 15:32:10 UTC · 1 stars
CVE-2020-0796-EXP
github · Created 2020-04-02 12:12:03 UTC · 33 stars
该资源为CVE-2020-0796漏洞复现,包括Python版本和C++版本。主要是集合了github大神们的资源,希望您喜欢~
github · Created 2020-04-01 01:46:08 UTC · 62 stars
github · Created 2020-03-31 11:25:50 UTC · 17 stars
Windows SMBv3 LPE exploit 已编译版
github · Created 2020-03-31 05:41:30 UTC · 2 stars
SMBGHOST local privilege escalation
github · Created 2020-03-30 16:06:50 UTC · 241 stars
CVE-2020-0796 Local Privilege Escalation POC
github · Created 2020-03-30 11:42:56 UTC · 1318 stars
CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
github · Created 2020-03-21 18:17:10 UTC · 1 stars
DoS PoC for CVE-2020-0796 (SMBGhost)
github · Created 2020-03-16 15:39:22 UTC · 1 stars
Scanner for CVE-2020-0796
github · Created 2020-03-16 00:47:41 UTC · 1 stars
Lightweight PoC and Scanner for CVE-2020-0796 without authentication.
github · Created 2020-03-15 22:17:50 UTC · 21 stars
An unauthenticated PoC for CVE-2020-0796
github · Created 2020-03-15 03:17:47 UTC · 9 stars
CVE-2020-0796-Scanner
github · Created 2020-03-14 23:39:25 UTC · 16 stars
基于asyncio(协程)的CVE-2020-0796 速度还是十分可观的,方便运维师傅们对内网做下快速检测。
github · Created 2020-03-14 05:39:37 UTC · 0 stars
CVE-2020-0796 Python POC buffer overflow
github · Created 2020-03-13 08:34:31 UTC · 5 stars
CVE-2020-0796 - Working PoC - 20200313
github · Created 2020-03-12 19:46:25 UTC · 2 stars
SMBv3 RCE vulnerability in SMBv3
github · Created 2020-03-12 18:34:40 UTC · 327 stars
PoC for triggering buffer overflow via CVE-2020-0796
github · Created 2020-03-12 15:36:43 UTC · 0 stars
CVE-2020-0796 SMBv3.1.1 Compression Capability Vulnerability Scanner
github · Created 2020-03-12 02:47:49 UTC · 0 stars
github · Created 2020-03-11 16:23:03 UTC · 14 stars
Script that checks if the system is vulnerable to CVE-2020-0796 (SMB v3.1.1)
github · Created 2020-03-11 09:13:48 UTC · 28 stars
Powershell SMBv3 Compression checker
github · Created 2020-03-10 21:40:57 UTC · 19 stars
Weaponized PoC for SMBv3 TCP codec/compression vulnerability
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Exploit Used in Malware
-
Added to KEVIntel
-
Detected by Metasploit
-
Detected by Nuclei