/

CVE-2020-1472 Report - Details, Severity, Advisories and More

CVE-2020-1472 Report - Details, Severity, Advisories and More

Twingate Team

Jan 4, 2024

CVE-2020-1472, also known as ZeroLogon, is an important and critical security vulnerability that affects various systems running Samba, such as openSUSE Leap 15.2 and Microsoft Windows Server. This elevation of privilege vulnerability occurs when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC).

How do I know if I'm affected?

To determine if you're affected by this vulnerability, you should check if you're using any of the known affected software configurations. These include various versions of Microsoft Windows Server, Fedora, openSUSE Leap 15.1 and 15.2, Ubuntu, Synology Directory Server, and Samba. The vulnerability allows an attacker to gain elevated privileges by establishing a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC). If you're using any of these software configurations, it's important to stay informed and take necessary precautions.

What should I do if I'm affected?

If you're affected by this vulnerability it's important to install security updates for your software. For openSUSE Leap 15.2 users, follow the recommended installation methods like YaST online_update or "zypper patch" to apply the update. For other affected software, ensure you're using supported versions and follow the vendor's guidelines to secure your system.

Where can I go to learn more?

For more information on this vulnerability and how to address it, refer to the following resources:

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named Microsoft Netlogon Privilege Escalation Vulnerability, was added on November 03, 2021, with a due date of September 09, 2020. This critical security flaw allows an attacker to gain elevated privileges by exploiting a vulnerability in the Netlogon protocol.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-330, and is caused by the use of insufficiently random values (CWE-330) in the Netlogon protocol, affecting various software configurations. Mitigation measures include updating software and enforcing secure netlogon channels.

For more details

CVE-2020-1472, or ZeroLogon, is a critical vulnerability affecting various software configurations, including openSUSE Leap 15.2. Mitigation measures include updating software and enforcing secure netlogon channels. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2020-1472 Report - Details, Severity, Advisories and More

CVE-2020-1472 Report - Details, Severity, Advisories and More

Twingate Team

Jan 4, 2024

CVE-2020-1472, also known as ZeroLogon, is an important and critical security vulnerability that affects various systems running Samba, such as openSUSE Leap 15.2 and Microsoft Windows Server. This elevation of privilege vulnerability occurs when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC).

How do I know if I'm affected?

To determine if you're affected by this vulnerability, you should check if you're using any of the known affected software configurations. These include various versions of Microsoft Windows Server, Fedora, openSUSE Leap 15.1 and 15.2, Ubuntu, Synology Directory Server, and Samba. The vulnerability allows an attacker to gain elevated privileges by establishing a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC). If you're using any of these software configurations, it's important to stay informed and take necessary precautions.

What should I do if I'm affected?

If you're affected by this vulnerability it's important to install security updates for your software. For openSUSE Leap 15.2 users, follow the recommended installation methods like YaST online_update or "zypper patch" to apply the update. For other affected software, ensure you're using supported versions and follow the vendor's guidelines to secure your system.

Where can I go to learn more?

For more information on this vulnerability and how to address it, refer to the following resources:

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named Microsoft Netlogon Privilege Escalation Vulnerability, was added on November 03, 2021, with a due date of September 09, 2020. This critical security flaw allows an attacker to gain elevated privileges by exploiting a vulnerability in the Netlogon protocol.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-330, and is caused by the use of insufficiently random values (CWE-330) in the Netlogon protocol, affecting various software configurations. Mitigation measures include updating software and enforcing secure netlogon channels.

For more details

CVE-2020-1472, or ZeroLogon, is a critical vulnerability affecting various software configurations, including openSUSE Leap 15.2. Mitigation measures include updating software and enforcing secure netlogon channels. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2020-1472 Report - Details, Severity, Advisories and More

Twingate Team

Jan 4, 2024

CVE-2020-1472, also known as ZeroLogon, is an important and critical security vulnerability that affects various systems running Samba, such as openSUSE Leap 15.2 and Microsoft Windows Server. This elevation of privilege vulnerability occurs when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC).

How do I know if I'm affected?

To determine if you're affected by this vulnerability, you should check if you're using any of the known affected software configurations. These include various versions of Microsoft Windows Server, Fedora, openSUSE Leap 15.1 and 15.2, Ubuntu, Synology Directory Server, and Samba. The vulnerability allows an attacker to gain elevated privileges by establishing a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC). If you're using any of these software configurations, it's important to stay informed and take necessary precautions.

What should I do if I'm affected?

If you're affected by this vulnerability it's important to install security updates for your software. For openSUSE Leap 15.2 users, follow the recommended installation methods like YaST online_update or "zypper patch" to apply the update. For other affected software, ensure you're using supported versions and follow the vendor's guidelines to secure your system.

Where can I go to learn more?

For more information on this vulnerability and how to address it, refer to the following resources:

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named Microsoft Netlogon Privilege Escalation Vulnerability, was added on November 03, 2021, with a due date of September 09, 2020. This critical security flaw allows an attacker to gain elevated privileges by exploiting a vulnerability in the Netlogon protocol.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-330, and is caused by the use of insufficiently random values (CWE-330) in the Netlogon protocol, affecting various software configurations. Mitigation measures include updating software and enforcing secure netlogon channels.

For more details

CVE-2020-1472, or ZeroLogon, is a critical vulnerability affecting various software configurations, including openSUSE Leap 15.2. Mitigation measures include updating software and enforcing secure netlogon channels. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page.