CVE-2020-1466Improper Input Validation in Microsoft Windows Server 2012

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
9.8%
top 7.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows Server 2016+5 more
Timeline
PublishedAug 17
Latest updateMay 24

Description

A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides RD Gateway services. The update addresses the vulnerabilit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

CVEListV5microsoft/windows_server_20126.2.0publication
CVEListV5microsoft/windows_server_201610.0.0publication
CVEListV5microsoft/windows_server_201910.0.0publication
CVEListV5microsoft/windows_server_2012_r26.3.0publication

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-9fj9-5r8v-mh44: A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and s2022-05-24

📋Vendor Advisories

1
Microsoft
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability2020-08-11