⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions.

CVE-2020-1147

14 documents, 12 sources
Severity: 7.8 HIGH
EPSS: 93.4% (top 0.18%)
CISA KEV: Added 2021-11-03, due 2022-05-03
Exploit: Exploited in wild; active exploitation observed
Timeline: Published Jul 14; KEV added Nov 3; KEV due May 3; Latest update Jul 25

Description

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Patches

🔴 Vulnerability Details (4)

GHSA: .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability (2022-05-24)
OSV: .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability (2022-05-24)
CVEList: CVE-2020-1147: A remote code execution vulnerability exists in (2020-07-14)
VulnCheck: Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability (2020)

💥 Exploits & PoCs (2)

Exploit-DB: Microsoft SharePoint Server 2019 - Remote Code Execution (2) (2021-07-23)
Exploit-DB: Microsoft SharePoint Server 2019 - Remote Code Execution (2020-08-17)

🔍 Detection Rules (1)

Suricata: ET EXPLOIT .NET Framework Remote Code Execution Injection (CVE-2020-1147) (2021-11-18)

📋 Vendor Advisories (3)

CISA: Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability (2021-11-03)
Red Hat: dotnet: XML source markup processing remote code execution (2020-07-14)
Microsoft: .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability (2020-07-14)

🕵️ Threat Intelligence (2)

Securelist: ToolShell: a story of five vulnerabilities in Microsoft SharePoint (2025-07-25)
Securelist: ToolShell: a story of five vulnerabilities in Microsoft SharePoint (2025-07-25)

💬 Community (1)

Bugzilla: CVE-2020-1147 dotnet: XML source markup processing remote code execution (2020-07-14)