#VU48269 Security Features in Windows Server - CVE-2020-17049

Cybersecurity Help s.r.o.

Published: 2020-11-10

Vulnerability identifier: #VU48269

Vulnerability risk: Low

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-17049

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a remote user to bypass authentication process.

The vulnerability exists due to security feature bypass issue in Kerberos. A remote administrator can bypass authentication process and gain unauthorized access to the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Windows Server: 2012 R2 - 2012, 2016 10.0.14393.10, 2019 10.0.17763.1 - 2019 2004

External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17049

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Application Gateway

Multiple vulnerabilities in IBM webMethods Managed File Transfer

Amazon Linux AMI update for samba

Multiple vulnerabilities in Service Telemetry Framework 1.5

Anolis OS update for idm:DL1 module

Red Hat Enterprise Linux 8.6 Extended Update Support update for krb5

Red Hat Enterprise Linux 8.8 Extended Update Support update for the idm:DL1 module

Red Hat Enterprise Linux 8.6 Extended Update Support update for the idm:DL1 module

Red Hat Enterprise Linux 8 update for the idm:DL1 module

Multiple vulnerabilities in Red Hat OpenShift Container Platform release 4.13