How severe is CVE-2020-0718?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2020-0718 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Windows Server 2008 R2 Service Pack 1

CVE-2020-0718

<p>A remote code execution vulnerability exists when Active Directory integrated DNS (ADIDNS) mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of t…

EPSS: 0.111 (93.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C.

Affected products

Microsoft Windows Server 2008 R2 Service Pack 1 — versions 6.1.0
Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core Installation) — versions 6.0.0
Microsoft Windows Server 2008 Service Pack 2 — versions 6.0.0
Microsoft Windows Server 2008 Service Pack 2 — versions 6.0.0
Microsoft Windows Server 2008 Service Pack 2 (Server Core Installation) — versions 6.0.0
Microsoft Windows Server 2012 — versions 6.2.0
Microsoft Windows Server 2012 R2 — versions 6.3.0
Microsoft Windows Server 2012 R2 (Server Core Installation) — versions 6.3.0
Microsoft Windows Server 2012 (Server Core Installation) — versions 6.2.0
Microsoft Windows Server 2016 — versions 10.0.0

Public proof-of-concept exploits

404notf0und/CVE-Flow

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0718 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-0718?: CVE-2020-0718 is a high-severity vulnerability in Microsoft Windows Server 2008 R2 Service Pack 1. CVSS score: 8.8/10. Published 2020-09-11.
How severe is CVE-2020-0718?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2020-0718 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.