Published: 12/03/2020 Updated: 31/03/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Microsoft Server Message Block 3.1.1 (SMBv3) contains a vulnerability in the way that it handles connections that use compression. This vulnerability may allow a remote, unauthenticated malicious user to execute arbitrary code on a vulnerable system. It has been reported that this vulnerability is "wormable."

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftWindows 101903, 1909
MicrosoftWindows Server 20161903, 1909


# CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost Download ~ githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48216zip ## Usage `/CVE-2020-0796py servername` This script connects to the target host, and compresses the authentication request with a bad offset field set in the transformation header, causing the ...

Mailing Lists

Microsoft Windows SMB version 311 suffers from a code execution vulnerability ...

Github Repositories

Little scanner to know if a machine is runnig SMBv3.1.1 (possible vulnerability CVE-2020-0796)

SMBv311 scanner script (can search for ip or subnet)

CVE-2020-0796 Local Privilege Escalation POC

DoS PoC for CVE-2020-0796 (SMBGhost)

CVE-2020-0796 SMBGhost

基于asyncio(协程)的CVE-2020-0796 速度还是十分可观的,方便运维师傅们对内网做下快速检测。

Lightweight PoC and Scanner for CVE-2020-0796 without authentication.

No description or website provided.

CVE-2020-0796 - Working PoC - 20200313

Windows SMBv3 LPE exploit 已编译版

CVE-2020-0796 - a wormable SMBv3 vulnerability.

Scanner for CVE-2020-0796 (SMBGhost)


CVE-2020-0796 - a wormable SMBv3 vulnerability. How to work.

This project is used for scanning cve-2020-0796 SMB vulnerability


Lightweight PoC and Scanner for CVE-2020-0796 without authentication.

Scanner for CVE-2020-0796

PoC remote code execution module for CVE-2020-0796 aka SMBGhost.

Enhancements for NMAP Script Engine SMB2/3 support

No description, website, or topics provided.

No description, website, or topics provided.

Realizando alterações no codigo juntamente com a equipe SHC

Multithread SMB scanner to check CVE-2020-0796 for SMB v3.11

Identifying and Mitigating the CVE-2020–0796 flaw in the fly

Scanner for CVE-2020-0796 - SMBv3 RCE

Weaponized PoC for SMBv3 TCP codec/compression vulnerability

NSE script to detect Potentailly vulnerable CVE-2020-0796 issue "coronablue"

PoC with remote code execution module for CVE-2020-0796 aka SMBGhost.

Coronablue exploit

Scanner script to identify hosts vulnerable to CVE-2020-0796



No description, website, or topics provided.

#comment This depository is for the cve-2020-0796 vulnerability with various canners

CVE-2020-0796 SMBGhost DOS Crash

Powershell SMBv3 Compression checker

cm' on work! ;-)

CVE-2020-0796 Flaw Mitigation - Active Directory Administrative Templates

This repository contains a test case for CVE-2020-0796

Advanced scanner for CVE-2020-0796 - SMBv3 RCE

No description, website, or topics provided.


SMBGHOST local privilege escalation

Scanners List - Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)

Script that checks if the system is vulnerable to CVE-2020-0796 (SMB v3.1.1)

No description, website, or topics provided.

No description, website, or topics provided.

No description, website, or topics provided.

This script will apply the workaround for the vulnerability CVE-2020-0796 for the SMBv3 unauthenticated RCE

Scanner for CVE-2020-0796 - A SMBv3.1.1 + SMB compression RCE

Advanced scanner for CVE-2020-0796 - SMBv3 RCE

No description, website, or topics provided.

CVE-2020-0796 SMBv3.1.1 Compression Capability Vulnerability Scanner

Exploiter la vulnérabilité CVE-2020-0796, Remote Code Execution du protocole SMB 3.1.1 (SMBv3).

An unauthenticated PoC for CVE-2020-0796

CVE-2020-0796 Python POC buffer overflow

Lightweight PoC and Scanner for CVE-2020-0796 without authentication.

Check system is vulnerable CVE-2020-0796 (SMB v3)

Checks for vulnerabilities


No description, website, or topics provided.

No description, website, or topics provided.

Powershell SMBv3 Compression checker

CVE-2020-0794 SMBv3.1.1 Compression Capability Vulnerability Scanner

Recent Articles

What happens when the global supply chain breaks?
welivesecurity • Aryeh Goretsky • 27 Mar 2020

Recent events have illustrated the need for robust continuity plans, and while these events are still unfolding, it also brings to light the need for robust supply chain planning. A review of the r/sysadmin group on Reddit reveals comments from systems administrators that their orders for laptops, servers, networking gear are being delayed for at least one to two months… so far. And that is for large enterprises, whose purchase contracts typically extend out over several quarters. Smaller busi...

Windows 10 KB4551762 Security Update Fails to Install, Causes Issues
BleepingComputer • Sergiu Gatlan • 16 Mar 2020

The Windows 10 KB4551762 security update is reportedly failing to install and throwing 0x800f081f, 0x80004005, 0x80073701, 0x800f0988, 0x80071160, and 0x80240016 errors during the installation process according to user reports.
KB4551762 is an out of band security update released by Microsoft last week to patch the critical remote code execution vulnerability (CVE-2020-0796) affecting devices running Windows 10, versions 1903 and 1909, and Windows Server Server Core installations, ve...

Thought you were done after Tuesday's 115-fix day? Not yet: Microsoft emits crisis SMBv3 worm-cure patch
The Register • Shaun Nichols in San Francisco • 12 Mar 2020

Anyone able to reach a vulnerable machine can get system-level access, no login needed

Microsoft has released an out-of-band emergency patch for a wormable remote-code execution hole in SMBv3, the Windows network file system protocol.
On Thursday morning, Redmond emitted the update to Server Message Block 3.1.1 to kill off a critical flaw word of which leaked out inadvertently this week.
Designated CVE-2020-0796, the bug can be exploited by an unauthenticated attacker to execute malicious code, at administrator level, on an un-patched system simply by sending the targe...

Microsoft Releases KB4551762 Security Update for SMBv3 Vulnerability
BleepingComputer • Sergiu Gatlan • 12 Mar 2020

Microsoft released the KB4551762 security update to patch the pre-auth RCE Windows 10 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3), two days after details regarding the flaw were leaked as part of the March 2020 Patch Tuesday.
The KB4551762 security update tracked as CVE-2020-0796 addresses "a network communication protocol issue that provides shared access to files, printers, and serial ports," according to Microsoft.
KB4551762 can be installed by che...

48K Windows Hosts Vulnerable to SMBGhost CVE-2020-0796 RCE Attacks
BleepingComputer • Sergiu Gatlan • 12 Mar 2020

After an Internet-wide scan, researchers at cybersecurity firm Kryptos Logic discovered roughly 48,000 Windows 10 hosts vulnerable to attacks targeting the pre-auth remote code execution CVE-2020-0796 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3).
Several vulnerability scanners designed to detect Windows devices exposed to attacks are already available on GitHub, including one created by Danish security researcher ollypwn and designed to check if SMBv3 is enable...

Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs
Threatpost • Tara Seals • 11 Mar 2020

Microsoft released an emergency out-of-band patch to fix a SMBv3 wormable bug on Thursday that leaked earlier this week. The a patch for the vulnerability, tracked as CVE-2020-0796, is now rolling out to Windows 10 and Windows Server 2019 systems worldwide, according to Microsoft.
On Wednesday Microsoft warned of a wormable, unpatched remote code-execution vulnerability in the Microsoft Server Message Block protocol – the same protocol that was targeted by the infamous Wanna...

Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw
BleepingComputer • Sergiu Gatlan • 10 Mar 2020

Microsoft leaked info on a security update for a 'wormable' pre-auth remote code execution vulnerability found in the Server Message Block 3.0 (SMBv3) network communication protocol that reportedly should have been disclosed as part of this month's Patch Tuesday.
The vulnerability is due to an error when the SMBv3 handles maliciously crafted compressed data packets and it allows remote, unauthenticated attackers that exploit it to execute arbitrary code within the context of the applicatio...

Microsoft March 2020 Patch Tuesday Fixes 115 Vulnerabilities
BleepingComputer • Lawrence Abrams • 10 Mar 2020

Today is Microsoft's March 2020 Patch Tuesday and is always stressful for your Windows administrators, so be especially nice to them today.
With the release of the March 2020 security updates, Microsoft has released fixes for 115 vulnerabilities in Microsoft products. Of these vulnerabilities, 24 are classified as Critical, 88 as Important, and 3 as Moderate.
Users should install these security updates as soon as possible to protect Windows from known security risks.
For in...