Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2020-1113

Published: 21/05/2020 Updated: 28/09/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 -

microsoft windows 10 1607

microsoft windows 10 1709

microsoft windows 10 1803

microsoft windows 10 1809

microsoft windows 10 1903

microsoft windows 10 1909

microsoft windows 7 -

microsoft windows 8.1 -

microsoft windows rt 8.1 -

microsoft windows server 2008 -

microsoft windows server 2012 -

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows server 2019 -

microsoft windows server 2019 1903

microsoft windows server 2019 1909

Exploits

Exploit DB: Microsoft Windows Task Scheduler Security Feature Bypass
Compass Security identified a security feature bypass vulnerability in Microsoft Windows Due to the absence of integrity verification requirements for the RPC protocol and in particular the Task Scheduler, a man-in-the-middle attacker can relay his victim's NTLM authentication to a target of his choice over the RPC protocol Provided the victim ha ...

Mailing Lists

Full Disclosure: CVE-2020-1113 - Windows Task Scheduler - Security Feature Bypass
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> CVE-2020-1113 - Windows Task Scheduler - Security Feature Bypass <!--X-Subject-Header-End--> <!--X-Head-of-Message--> ...

Github Repositories

https://github.com/bodik/awesome-potatoes

Study notes on Windows NTLM Reflection and token stealing based EOPs.

Awesome Windows Potatoes Study notes on Windows NTLM Reflection and token stealing based EOPs Misc RPC/Microsoft RPC/MSRPC (Microsoft Remote Procedure Call) -- is a modified version of DCE/RPC Additions include partial support for UCS-2 (but not Unicode) strings, implicit handles, and complex calculations in the variable-length string and structure paradigms already pre

References

CWE-295https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1113https://nvd.nist.govhttps://github.com/bodik/awesome-potatoeshttps://packetstormsecurity.com/files/157730/Microsoft-Windows-Task-Scheduler-Security-Feature-Bypass.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook