Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2020-0610 — Improper Input Validation in Microsoft Windows Server
Severity
9.8CRITICALNVD
EPSS
76.5%
top 1.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJan 14
Latest updateNov 30
Description
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages6 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-73x6-v3m8-f299: A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target sy↗2022-05-24
GHSA▶
GHSA-rfqr-xr33-6qpg: A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target sy↗2022-05-24
💥Exploits & PoCs
2📋Vendor Advisories
1Microsoft
▶