← voltar
CVE-2020-0601

CVE-2020-0601

CVSS 8.1 HIGHEPSS 89.4%● KEVCWE-295
Em resumo

O Windows CryptoAPI não valida corretamente certificados ECC, permitindo que atacantes criem certificados falsos que parecem legítimos. Isso permite que código malicioso apareça como originário de fontes confiáveis, enganando usuários e sistemas.

Detalhe técnico

CryptoAPI (Crypt32.dll) valida inadequadamente certificados de Criptografia de Curva Elíptica, viabilizando ataques de falsificação de certificados. Um atacante pode criar um certificado de assinatura de código malicioso que ultrapassa as verificações de validação, permitindo que executáveis não assinados ou maliciosamente assinados pareçam legitimamente assinados.

Resumo gerado e traduzido por IA a partir da descrição oficial.
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Produtos afetados
Microsoft · WindowsMicrosoft · Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Windows 10 Version 1903 for x64-based SystemsMicrosoft · Windows 10 Version 1909 for 32-bit SystemsMicrosoft · Windows 10 Version 1909 for ARM64-based SystemsMicrosoft · Windows 10 Version 1909 for x64-based SystemsMicrosoft · Windows ServerMicrosoft · Windows Server, version 1903 (Server Core installation)Microsoft · Windows Server, version 1909 (Server Core installation)
PoCs públicas encontradas38
githubgithub.com/ly4k/CurveBall888githubgithub.com/kudelskisecurity/chainoffools335githubgithub.com/gentilkiwi/curveball78githubgithub.com/saleemrashid/badecparams66githubgithub.com/0xxon/cve-2020-060135githubgithub.com/eastmountyxz/CVE-2020-0601-EXP30githubgithub.com/ioncodes/Curveball20githubgithub.com/0xxon/cve-2020-0601-plugin5githubgithub.com/RrUZi/Awesome-CVE-2020-06015githubgithub.com/IIICTECH/-CVE-2020-0601-ECC---EXPLOIT3githubgithub.com/nissan-sudo/CVE-2020-06012githubgithub.com/gremwell/cve-2020-0601_poc2githubgithub.com/YoannDqr/CVE-2020-06012githubgithub.com/BlueTeamSteve/CVE-2020-06011githubgithub.com/amlweems/gringotts1githubgithub.com/yanghaoi/CVE-2020-06011githubgithub.com/talbeerysec/CurveBallDetection1githubgithub.com/eastmountyxz/CVE-2018-20250-WinRAR1githubgithub.com/Hans-MartinHannibalLauridsen/CurveBall1githubgithub.com/Doug-Moody/Windows10_Cumulative_Updates_PowerShell1githubgithub.com/SherlockSec/CVE-2020-06011githubgithub.com/ShayNehmad/twoplustwo0githubgithub.com/JPurrier/CVE-2020-06010githubgithub.com/0xxon/cve-2020-0601-utils0githubgithub.com/MarkusZehnle/CVE-2020-06010githubgithub.com/thimelp/cve-2020-0601-Perl0githubgithub.com/dlee35/curveball_lua0githubgithub.com/Ash112121/CVE-2020-06010githubgithub.com/apodlosky/PoC_CurveBall0githubgithub.com/CrackerCat/CurveballCertTool0githubgithub.com/tyj956413282/curveball-plus0githubgithub.com/JoelBts/CVE-2020-0601_PoC0githubgithub.com/exploitblizzard/CVE-2020-0601-spoofkey0githubgithub.com/bsides-rijeka/meetup-2-curveball0githubgithub.com/okanulkr/CurveBall-CVE-2020-0601-PoC0cve_referencepacketstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/47933não verificadocve_referencepacketstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.htmlhttp://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0601