⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions.

CVE-2020-1040

6 documents, 6 sources
CVSS: 9 (CRITICAL)
EPSS: 0.2% (39th)
CISA KEV: Exploited in Wild
CISA Required Action: Apply updates per vendor instructions.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.3 | Impact: 6.0

Affected Packages (2 packages)

CVEListV5: microsoft/windows_server, 8 versions (+7)
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043.

🔴 Vulnerability Details (3)

GHSA (2022-05-24): GHSA-98qh-xxww-5r96: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user o
CVEList (2020-07-14): CVE-2020-1040: A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user o
VulnCheck (2020): Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

📋 Vendor Advisories (2)

CISA (2021-11-03): Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Microsoft (2020-07-14): Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
CVE-2020-1040 (CRITICAL CVSS 9) | A remote code execution vulnerabili | cvebase.io