Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2020-16938

Published: 16/10/2020 Updated: 31/12/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 188
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Microsoft

Vulnerability Summary

<p>An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an malicious user to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.</p>

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 2004

microsoft windows server 2016 2004

Github Repositories

https://github.com/ioncodes/CVE-2020-16938

Bypassing NTFS permissions to read any files as unprivileged user.

CVE-2020-16938 CVE-2020-16938 is a vulnerability that allows you to get unrestricted file read capabilities on the entire disk as unprivileged user The bug was originally found and reported by my friend Jonas His PoC can be found here My version of the exploit consists of a bunch of Windows API calls to get the handle directly without using 7zip, the PoC can be found in the

https://github.com/qemm/armory

My tools

Armory Honeybits githubcom/0x4D31/honeybits Listado de C2 C2 Github Github githubcom/smokeme/airstrike githubcom/sweetsoftware/Ares githubcom/NYAN-x-CAT/AsyncRAT-C-Sharp) githubcom/smokeme/airstrike githubcom/sweetsoftware/Ares githubcom/NYAN-x-CAT/AsyncRAT-C-Sharp githubcom/Gr1mmie

References

NVD-CWE-noinfohttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16938https://nvd.nist.govhttps://github.com/ioncodes/CVE-2020-16938
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook