CVE-2020-1374

5 documents5 sources
Severity
7.5HIGH
EPSS
13.2%
top 5.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
Microsoft WindowsMicrosoft Windows 10 Version 1903 FOR 32-bit SystemsMicrosoft Windows 10 Version 1903 FOR Arm64-based Systems+12 more
Timeline
PublishedJul 14
Latest updateMay 24

Description

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages13 packages

CVEListV5microsoft/windows_server10 versions+9
CVEListV5microsoft/windows18 versions+17
NVDmicrosoft/windows4 versions+3
NVDmicrosoft/windows_107 versions+6

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-4x96-gfcf-h2wp: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie2022-05-24
CVEList
CVE-2020-1374: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie2020-07-14

📋Vendor Advisories

1
Microsoft
Remote Desktop Client Remote Code Execution Vulnerability2020-07-14

💬Community

1
Bugzilla
CVE-2020-2181 jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps2020-06-16
CVE-2020-1374 (HIGH CVSS 7.5) | A remote code execution vulnerabili | cvebase.io