CVE-2020-1350
In short
A critical flaw in Windows DNS servers allows attackers to execute malicious code remotely without authentication. This affects any system running vulnerable DNS server software, potentially compromising entire networks.
Technical detail
An improper input validation vulnerability (CWE-20) in Windows DNS Server allows unauthenticated remote attackers to execute arbitrary code via malformed DNS requests. The attack vector is network-based with no authentication required, and successful exploitation grants code execution with SYSTEM privileges on the affected DNS server.
Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Microsoft · Windows Server
Microsoft · Windows Server, version 1903 (Server Core installation)
Microsoft · Windows Server, version 1909 (Server Core installation)
Microsoft · Windows Server, version 2004 (Server Core installation)
public PoCs found — 16
github github.com/ZephrFish/CVE-2020-1350_HoneyPoC ★ 279
github github.com/maxpl0it/CVE-2020-1350-DoS ★ 237
github github.com/psc4re/NSE-scripts ★ 162
github github.com/captainGeech42/CVE-2020-1350 ★ 18
github github.com/T13nn3s/CVE-2020-1350 ★ 15
github github.com/connormcgarr/CVE-2020-1350 ★ 11
github github.com/corelight/SIGRed ★ 9
github github.com/zoomerxsec/Fake_CVE-2020-1350 ★ 7
github github.com/mr-r3b00t/CVE-2020-1350 ★ 4
github github.com/simeononsecurity/CVE-2020-1350-Fix ★ 2
github github.com/graph-inc/CVE-2020-1350 ★ 2
github github.com/jmaddington/dRMM-CVE-2020-1350-response ★ 0
github github.com/sty886/CVE-2020-1350-SigRed ★ 0
github github.com/gdwnet/cve-2020-1350 ★ 0
github github.com/CVEmaster/CVE-2020-1350 ★ 0
cve_reference packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.