CVE-2020-0796 - Microsoft SMBv3 - Remote Code Execution 💰


### Description: 
> Microsoft Server Message Block 3.1.1 (SMBv3) contains a remote code execution caused by mishandling of certain requests in the SMBv3 protocol, letting remote attackers execute arbitrary code, exploit requires network access to SMBv3 service.

#### Severity: `Critical`

#### POC: 
- http://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.html
- https://github.com/tdevworks/CVE-2020-0796-SMBGhost-Exploit-Demo
- https://github.com/DannyRavi/nmap-scripts
- https://vulncheck.com/xdb/4e6bc5ec8634
- https://github.com/madanokr001/CVE-2020-0796
- https///github.com:madanokr001/CVE-2020-0796.git
- https://vulncheck.com/xdb/0dcd49541f47
- https://github.com/monjheta/CVE-2020-0796
- https///github.com:monjheta/CVE-2020-0796.git
- https://vulncheck.com/xdb/2a4b6e1593eb
- https///github.com:Kaizzzo1/cve-2020-00796.git
- https://vulncheck.com/xdb/14a46f453670
- https://github.com/Kaizzzo1/CVE-2020-0796
- https///github.com:Kaizzzo1/CVE-2020-0796.git
- https://github.com/z3ena/Exploiting-and-Mitigating-CVE-2020-0796-SMBGhost-and-Print-Spooler-Vulnerabilities
- https://github.com/AdamSonov/smbGhostCVE-2020-0796
- https://vulncheck.com/xdb/fff5ddf87547
- https://github.com/hungdnvp/POC-CVE-2020-0796
- https///github.com:hungdnvp/POC-CVE-2020-0796.git
- https://vulncheck.com/xdb/48181658a679
- https://github.com/dungnm24/CVE-2020-0796
- https///github.com:dungnm24/CVE-2020-0796.git
- https://vulncheck.com/xdb/ff75d491e221
- https://github.com/OldDream666/cve-2020-0796
- https///github.com:OldDream666/cve-2020-0796.git
- https://github.com/krizzz07/CVE-2020-0796
- https://github.com/TweatherQ/CVE-2020-0796
- https://github.com/SEHandler/CVE-2020-0796
- https://vulncheck.com/xdb/b8b6072526a3
- https///gitlab.com:ran-sama/CVE-2020-0796.git
- https://github.com/arzuozkan/CVE-2020-0796
- https://github.com/vsai94/ECE9069_SMBGhost_Exploit_CVE-2020-0796-
- https://vulncheck.com/xdb/d69aadafc43a
- https///gitee.com:mirrors_ZecOps/CVE-2020-0796-RCE-POC.git
- https://vulncheck.com/xdb/04badb202b58
- https///gitee.com:mirrors_danigargu/CVE-2020-0796.git
- https://vulncheck.com/xdb/5f415b7a9395
- https///gitee.com:mirrors_eerykitty/CVE-2020-0796-PoC.git
- https://vulncheck.com/xdb/0edf8728bb5f
- https://github.com/lisinan988/CVE-2020-0796-exp
- https///github.com:lisinan988/CVE-2020-0796-exp.git
- https://vulncheck.com/xdb/a788d7636e90
- https///gitee.com:xiaobaiyimei0/CVE-2020-0796-PoC.git
- https://github.com/F6JO/CVE-2020-0796-Batch-scanning
- https://vulncheck.com/xdb/216af6a16e50
- https://github.com/Murasame-nc/CVE-2020-0796-LPE-POC
- https///github.com:Murasame-nc/CVE-2020-0796-LPE-POC.git
- https://vulncheck.com/xdb/33e62c3dd628
- https://github.com/orangmuda/CVE-2020-0796
- https///github.com:orangmuda/CVE-2020-0796.git
- https://github.com/Opensitoo/cve-2020-0796
- https://github.com/Anonimo501/SMBGhost_CVE-2020-0796_checker
- https://vulncheck.com/xdb/d7d5d53f4bea
- https///gitee.com:li-yuemin-95/CVE-2020-0796-PoC.git
- https://github.com/1stPeak/CVE-2020-0796-Scanner
- https://vulncheck.com/xdb/c489f75bf99d
- https///gitee.com:llsw/CVE-2020-0796.git
- https://vulncheck.com/xdb/6d070666358a
- https///gitee.com:llsw/SMBGhost.git
- https://vulncheck.com/xdb/a08cd7c0ec40
- https///gitee.com:wsstest/CVE-2020-0796-PoC.git
- https://vulncheck.com/xdb/17f7ca6e1bfa
- https///gitee.com:keepb1ue/CVE-2020-0796.git
- https://vulncheck.com/xdb/0783c8074cff
- https///gitee.com:keepb1ue/CVE-2020-0796-PoC.git
- https://vulncheck.com/xdb/42d4e59819e1
- https///gitee.com:keepb1ue/cve-2020-0797.git
- https://vulncheck.com/xdb/df0832d0144e
- https://github.com/MasterSploit/LPE---CVE-2020-0796
- https///github.com:MasterSploit/LPE---CVE-2020-0796.git
- https://vulncheck.com/xdb/132b45db5c90
- https://github.com/datntsec/CVE-2020-0796
- https///github.com:datntsec/CVE-2020-0796.git
- https://github.com/AaronCaiii/CVE-2020-0796-POC
- https://vulncheck.com/xdb/cf4d2847f48a
- https///github.com:Ken-Abruzzi/cve_2020_0796.git
- https://vulncheck.com/xdb/f8f7a66ca404
- https://github.com/codewithpradhan/SMBGhost-CVE-2020-0796-
- https///github.com:codewithpradhan/SMBGhost-CVE-2020-0796-.git
- https://vulncheck.com/xdb/189b546ce23d
- https://github.com/rsmudge/CVE-2020-0796-BOF
- https///github.com:rsmudge/CVE-2020-0796-BOF.git
- https://vulncheck.com/xdb/1e6f8ca038f7
- https///gitee.com:Dyan_code/CVE-2020-0796-SMB.git
- https://vulncheck.com/xdb/673033cc1f2d
- https///gitee.com:shamorkFu/SMBGhost_Crash_Poc.git
- https://vulncheck.com/xdb/9f1dbe33c767
- https///github.com:Ascotbe/Kernelhub.git
- https://github.com/jamf/SMBGhost-SMBleed-scanner
- https://vulncheck.com/xdb/484b2a81c82e
- https://github.com/Almorabea/SMBGhost-LPE-Metasploit-Module
- https///github.com:Almorabea/SMBGhost-LPE-Metasploit-Module.git
- https://github.com/1060275195/SMBGhost
- https://vulncheck.com/xdb/1f736df77952
- https://github.com/Barriuso/SMBGhost_AutomateExploitation
- https///github.com:Barriuso/SMBGhost_AutomateExploitation.git
- https://github.com/exp-sky/CVE-2020-0796
- https://vulncheck.com/xdb/424a6065b5a6
- https///gitee.com:quan2020/CVE-2020-0796.git

### KEV: True

### Shodan Query: `cpe:"cpe:2.3:o:microsoft:windows_10_1903"`

> Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data(`-debug`) along with the template to help the triage team with validation or can also share a vulnerable environment like docker file. 

> Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.

You can check the FAQ for the Nuclei Templates Community Rewards Program [here](https://github.com/projectdiscovery/nuclei-templates/blob/main/Community-Rewards-FAQ.md).


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2020-0796 - Microsoft SMBv3 - Remote Code Execution 💰 #12271

Description:

Severity: `Critical`

POC:

KEV: True

Shodan Query: `cpe:"cpe:2.3:o:microsoft:windows_10_1903"`

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2020-0796 - Microsoft SMBv3 - Remote Code Execution 💰 #12271

Description

Description:

Severity: Critical

POC:

KEV: True

Shodan Query: cpe:"cpe:2.3:o:microsoft:windows_10_1903"

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Severity: `Critical`

Shodan Query: `cpe:"cpe:2.3:o:microsoft:windows_10_1903"`