5.8
CVSSv2

CVE-2020-16898

Published: 16/10/2020 Updated: 23/10/2020
CVSS v2 Base Score: 5.8 | Impact Score: 6.4 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Microsoft Windows could allow a remote malicious user to execute arbitrary code on the system, caused by improper handling of ICMPv6 Router Advertisement packets in the TCP/IP stack. By sending specially crafted ICMPv6 Router Advertisement packets, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.

Vulnerability Trend

Github Repositories

A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability)

"Bad Neighbor" Detection, CVE-2020-16898 (Windows TCP/IP RCE) Summary: A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability) References: corelightblog portalmsrcmicrosoftcom/en-us/security-guidance/advisory/CVE-2020-16898#ID0EUGAC Other detection packages developed independently and concurrently by the

CVE-2020-16898 Windows TCP/IP远程代码执行漏洞 EXP&POC

CVE-2020-16898 CVE-2020-16898 Windows TCP/IP远程代码执行漏洞 EXP&POC poc CVE-2020-16898_Checker-poc但是测试感觉不好用测不出来 测试了感觉测不出来 命令: 管理员启动powershell Powershellexe -ExecutionPolicy UnRestricted -File \CVE-2020-16898-pocps1 CVE-2020-16898-poctxt 是CVE-2020-16898-pocps1的源码 exp cve-2020-16898-exp2

Detects CVE-2020-16898: "Bad Neighbor"

Zeek Package for Bad Neighbor Detection Detects CVE-2020-16898: "Bad Neighbor" Quick Start If you already have Zeek and zkg installed, simply run: zkg install githubcom/esnet-security/cve-2020-16898 If this is being installed on a cluster, install the package on the manager, then deploy it via: zeekctl deploy Updating and Unloading We use SemVer for ver

CVE-202-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule

CVE-2020-16898: “Bad Neighbor” CVSS Score: 90 CVSS Vector: CVSS30/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C Overview On October 13, Microsoft announced an exceptionally critical vulnerability in the Windows IPv6 stack, which allows an attacker to send maliciously crafted packets to potentially execute arbitrary code on a remote system The proof-of-concept

Zeek detection for CVE-2020-16898-"Bad Neighbor"

Simple policy to detect CVE-2020-16898: Bad Neighbor Following functionality are provided by the script :: Script checks on heuristic described here: wwwmcafeecom/blogs/other-blogs/mcafee-labs/cve-2020-16898-bad-neighbor/ Installation zeek-pkg install zeek/initconf/CVE-2020-16898-Bad-Neighbor or @load CVE-2020-16898-Bad-Neighbor/scripts Detailed Notes:

PoC BSOD for CVE-2020-16898 (badneighbor)

cve-2020-16898 PoC BSOD for CVE-2020-16898 (badneighbor)

PowerShell Script Workaround for VCE-220-16898 Vulnerability

CVE-2020-16898_Workaround PowerShell Script Workaround for VCE-220-16898 vulnerability

PowerShell Script Workaround for VCE-220-16898 Vulnerability

CVE-2020-16898_Workaround PowerShell Script Workaround for VCE-220-16898 vulnerability

Proof-of-Concept (PoC) script to exploit IPv6 (CVE-2020-16898).

This is an educational exercise Use at your own risk CVE-2020-16898 Exploit This is a lesson as to why you should not trust binaries on the internet Windows Binary PoC /CVE-2020-16898exe will run the exploit See my other exploits here

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898

bad_neighbor portalmsrcmicrosoftcom/en-US/security-guidance/advisory/CVE-2020-16898

Windows RDNSS RCE

CVE-2020-16898 Windows RDNSS(ICMP Bad Neighbor Exp) RCE Usage: expexe [ipv6-address] [shellcode]

PoC BSOD for CVE-2020-16898

CVE-2020-16898 PoC BSOD for CVE-2020-16898 (badneighbor)

Windows RDNSS RCE

CVE-2020-16898 Windows RDNSS RCE

PoC Bad Neighbor BSOD exploit

CVE-2020-16898 PoC Bad Neighbor BSOD (DoS) exploit Use at own risk! Usage: CVE-2020-16898exe "target ip goes here"

Minor powershell script that checks for vulnerable interfaces.

CVE-2020-16898_Check Minor powershell script that checks for vulnerable interfaces

Check all Network Interfaces for CVE-2020-16898 Vulnerability

CVE-2020-16898_Checker Check all Network Interface for CVE-2020-16898 Vulnerability

CVE-2020-16899 - Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule

CVE-2020-16899: Microsoft Windows TCP/IP Denial of Service Vulnerability CVSS Score: 68 CVSS Vector: CVSS:30/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C Overview On October 13, Microsoft announced a critical vulnerability in the Windows IPv6 stack, which allows an attacker to send maliciously crafted packets which results in an immediate BSOD (Blue Screen of Death), on

Recent Articles

UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug
BleepingComputer • Sergiu Gatlan • 16 Oct 2020

The U.K. National Cyber Security Centre (NCSC) today issued an alert highlighting the risks behind the recently addressed CVE2020-16952 remote code execution (RCE) vulnerability in Microsoft SharePoint Server.
NCSC, the cybersecurity arm of the UK's GCHQ intelligence service, urges organizations to make sure that all Microsoft SharePoint products in their environments are patched against CVE-2020-16952 to block takeover attempts.



...

US Cyber Command: Patch Windows 'Bad Neighbor' TCP/IP bug now
BleepingComputer • Sergiu Gatlan • 14 Oct 2020

US Cyber Command warns Microsoft customers to immediately patch their systems against the critical and remotely exploitable CVE-2020-16898 vulnerability addressed during this month's Patch Tuesday.
"Update your Microsoft software now so your system isn't exploited: CVE-2020-16898 in particular should be patched or mitigated immediately, as vulnerable systems could be compromised remotely," US Cyber Command said in a tweet earlier today,



...

Microsoft fixes critical Outlook bug exploitable via preview pane
BleepingComputer • Sergiu Gatlan • 14 Oct 2020

Microsoft has released the October 2020 Office security updates with a total of 24 security updates and 5 cumulative updates for 7 different products, fixing 13 vulnerabilities that could enable remote attackers to execute arbitrary code on vulnerable systems.
The highlight of this month's Microsoft Office security updates is without a doubt CVE-2020-16947, a remote code execution vulnerability that leads to remote code execution when previewing or opening maliciously crafted emails with ...

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
Threatpost • Tara Seals • 13 Oct 2020

Microsoft has pushed out fixes for 87 security vulnerabilities in October – 11 of them critical – and one of those is potentially wormable.
There are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up — and in fact at least one public exploit is already circulating for this group.
This month’s Patch Tuesday overall includes fixes for bugs in Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, ...

The Register

Patch Tuesday Microsoft's Update Tuesday patch dump for October 2020 has delivered security patches that attempt to address 87 CVEs for a dozen Redmond products.
Nadella's security crew has identified 22 remote code execution (RCE) CVEs though the most worrisome looks like CVE-2020-16898, Windows TCP/IP RCE, which is rated 9.8 out 10 in severity. It affects Windows desktop and server systems.
According to Microsoft, the Windows TCP/IP stack doesn't properly handle ICMPv6 Router Adver...