一、 漏洞 CVE-2020-0796 基础信息
漏洞信息
# N/A
## 概述
存在一个远程代码执行漏洞,该漏洞在于 Microsoft Server Message Block 3.1.1 (SMBv3) 协议处理某些请求的方式中,被称为“Windows SMBv3 客户端/服务器远程代码执行漏洞”。
## 影响版本
未提供具体影响的版本信息。
## 细节
SMBv3 协议在处理特定请求的方式中存在缺陷,可能导致远程代码执行。攻击者可以利用该漏洞通过发送恶意请求来执行任意代码。
## 影响
成功利用此漏洞的攻击者可以在目标系统上执行任意代码。这可能导致执行其他程序、查看、更改或删除数据,以及创建拥有完全用户权限的新帐户。
神龙判断
是否为 Web 类漏洞: 否
判断理由:
否。这个漏洞涉及的是Microsoft Server Message Block 3.1.1 (SMBv3)协议如何处理某些请求,这涉及到网络协议栈和系统的文件共享服务,而不是具体针对Web服务的服务端。虽然SMBv3可以被Web应用间接调用,但这个漏洞本身不是Web服务漏洞。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
微软 Microsoft SMBv3 缓冲区错误漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Microsoft SMBv3是美国微软(Microsoft)公司的一个为设备提供SMB功能的支持固件。 Microsoft Server Message Block 3.1.1 (SMBv3)版本中存在缓冲区错误漏洞,该漏洞源于SMBv3协议在处理恶意压缩数据包时,进入了错误流程。远程未经身份验证的攻击者可利用该漏洞在应用程序中执行任意代码。以下产品及版本受到影响:Microsoft Windows 10版本1903,Windows Server版本1903,Windows 10版本1909,Windo
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
缓冲区错误
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2020-0796 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Ladon Scanner For Python, Large Network Penetration Scanner & Cobalt Strike, vulnerability / exploit / detection / MS17010/SmbGhost/CVE-2020-0796/CVE-2018-2894 | https://github.com/k8gege/PyLadon | POC详情 |
| 2 | Weaponized PoC for SMBv3 TCP codec/compression vulnerability | https://github.com/Aekras1a/CVE-2020-0796-PoC | POC详情 |
| 3 | CVE-2020-0796 Flaw Mitigation - Active Directory Administrative Templates | https://github.com/technion/DisableSMBCompression | POC详情 |
| 4 | Powershell SMBv3 Compression checker | https://github.com/T13nn3s/CVE-2020-0796 | POC详情 |
| 5 | Scanner for CVE-2020-0796 - SMBv3 RCE | https://github.com/ly4k/SMBGhost | POC详情 |
| 6 | Script that checks if the system is vulnerable to CVE-2020-0796 (SMB v3.1.1) | https://github.com/joaozietolie/CVE-2020-0796-Checker | POC详情 |
| 7 | Identifying and Mitigating the CVE-2020–0796 flaw in the fly | https://github.com/ButrintKomoni/cve-2020-0796 | POC详情 |
| 8 | This project is used for scanning cve-2020-0796 SMB vulnerability | https://github.com/dickens88/cve-2020-0796-scanner | POC详情 |
| 9 | None | https://github.com/kn6869610/CVE-2020-0796 | POC详情 |
| 10 | This repository contains a test case for CVE-2020-0796 | https://github.com/awareseven/eternalghosttest | POC详情 |
| 11 | CVE-2020-0796 SMBv3.1.1 Compression Capability Vulnerability Scanner | https://github.com/xax007/CVE-2020-0796-Scanner | POC详情 |
| 12 | Scanners List - Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) | https://github.com/Dhoomralochana/Scanners-for-CVE-2020-0796-Testing | POC详情 |
| 13 | Check system is vulnerable CVE-2020-0796 (SMB v3) | https://github.com/UraSecTeam/smbee | POC详情 |
| 14 | SMBGhost (CVE-2020-0796) threaded scanner | https://github.com/netscylla/SMBGhost | POC详情 |
| 15 | PoC for triggering buffer overflow via CVE-2020-0796 | https://github.com/eerykitty/CVE-2020-0796-PoC | POC详情 |
| 16 | Scanner script to identify hosts vulnerable to CVE-2020-0796 | https://github.com/wneessen/SMBCompScan | POC详情 |
| 17 | Scanner for CVE-2020-0796 - A SMBv3.1.1 + SMB compression RCE | https://github.com/ioncodes/SMBGhost | POC详情 |
| 18 | SMBv3 RCE vulnerability in SMBv3 | https://github.com/laolisafe/CVE-2020-0796 | POC详情 |
| 19 | Multithread SMB scanner to check CVE-2020-0796 for SMB v3.11 | https://github.com/gabimarti/SMBScanner | POC详情 |
| 20 | This script will apply the workaround for the vulnerability CVE-2020-0796 for the SMBv3 unauthenticated RCE | https://github.com/Almorabea/SMBGhost-WorkaroundApplier | POC详情 |
| 21 | CVE-2020-0796 - Working PoC - 20200313 | https://github.com/vysecurity/CVE-2020-0796 | POC详情 |
| 22 | CVE-2020-0796 SMBGhost | https://github.com/marcinguy/CVE-2020-0796 | POC详情 |
| 23 | Little scanner to know if a machine is runnig SMBv3 (possible vulnerability CVE-2020-0796) | https://github.com/BinaryShadow94/SMBv3.1.1-scan---CVE-2020-0796 | POC详情 |
| 24 | Advanced scanner for CVE-2020-0796 - SMBv3 RCE | https://github.com/w1ld3r/SMBGhost_Scanner | POC详情 |
| 25 | CVE-2020-0796 Python POC buffer overflow | https://github.com/wsfengfan/CVE-2020-0796 | POC详情 |
| 26 | 基于asyncio(协程)的CVE-2020-0796 速度还是十分可观的,方便运维师傅们对内网做下快速检测。 | https://github.com/GuoKerS/aioScan_CVE-2020-0796 | POC详情 |
| 27 | CVE-2020-0796-Scanner | https://github.com/jiansiting/CVE-2020-0796-Scanner | POC详情 |
| 28 | An unauthenticated PoC for CVE-2020-0796 | https://github.com/maxpl0it/Unauthenticated-CVE-2020-0796-PoC | POC详情 |
| 29 | Lightweight PoC and Scanner for CVE-2020-0796 without authentication. | https://github.com/ran-sama/CVE-2020-0796 | POC详情 |
| 30 | CVE-2020-0796_CoronaBlue_SMBGhost | https://github.com/sujitawake/smbghost | POC详情 |
| 31 | Scanner for CVE-2020-0796 | https://github.com/julixsalas/CVE-2020-0796 | POC详情 |
| 32 | CVE-2020-0796.SMBGhost_Crash_Poc | https://github.com/5l1v3r1/SMBGhost_Crash_Poc | POC详情 |
| 33 | Lightweight PoC and Scanner for CVE-2020-0796 without authentication. | https://github.com/5l1v3r1/CVE-2020-0796-PoC-and-Scan | POC详情 |
| 34 | DoS PoC for CVE-2020-0796 (SMBGhost) | https://github.com/cory-zajicek/CVE-2020-0796-DoS | POC详情 |
| 35 | None | https://github.com/tripledd/cve-2020-0796-vuln | POC详情 |
| 36 | CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost | https://github.com/danigargu/CVE-2020-0796 | POC详情 |
| 37 | CVE-2020-0796 Local Privilege Escalation POC | https://github.com/jamf/CVE-2020-0796-LPE-POC | POC详情 |
| 38 | SMBGHOST local privilege escalation | https://github.com/TinToSer/CVE-2020-0796-LPE | POC详情 |
| 39 | Windows SMBv3 LPE exploit 已编译版 | https://github.com/f1tz/CVE-2020-0796-LPE-EXP | POC详情 |
| 40 | Coronablue exploit | https://github.com/tango-j/CVE-2020-0796 | POC详情 |
| 41 | None | https://github.com/jiansiting/CVE-2020-0796 | POC详情 |
| 42 | 该资源为CVE-2020-0796漏洞复现,包括Python版本和C++版本。主要是集合了github大神们的资源,希望您喜欢~ | https://github.com/eastmountyxz/CVE-2020-0796-SMB | POC详情 |
| 43 | CVE-2020-0796-EXP | https://github.com/LabDookhtegan/CVE-2020-0796-EXP | POC详情 |
| 44 | Cobalt Strike AggressorScripts CVE-2020-0796 | https://github.com/Rvn0xsy/CVE_2020_0796_CNA | POC详情 |
| 45 | CVE-2020-0796 (SMBGhost) LPE | https://github.com/0xeb-bp/cve-2020-0796 | POC详情 |
| 46 | This tool helps scan large subnets for cve-2020-0796 vulnerable systems | https://github.com/intelliroot-tech/cve-2020-0796-Scanner | POC详情 |
| 47 | CVE-2020-0796 Remote Code Execution POC | https://github.com/jamf/CVE-2020-0796-RCE-POC | POC详情 |
| 48 | PoC RCE Reverse Shell for CVE-2020-0796 (SMBGhost) | https://github.com/thelostworldFree/CVE-2020-0796 | POC详情 |
| 49 | None | https://github.com/section-c/CVE-2020-0796 | POC详情 |
| 50 | SMBGhost CVE-2020-0796 | https://github.com/bacth0san96/SMBGhostScanner | POC详情 |
| 51 | None | https://github.com/halsten/CVE-2020-0796 | POC详情 |
| 52 | CVE-2020-0796 | https://github.com/ysyyrps123/CVE-2020-0796 | POC详情 |
| 53 | CVE-2020-0796-exp | https://github.com/ysyyrps123/CVE-2020-0796-exp | POC详情 |
| 54 | SMBv3 Ghost (CVE-2020-0796) Vulnerability | https://github.com/exp-sky/CVE-2020-0796 | POC详情 |
| 55 | SMBGhost (CVE-2020-0796) Automate Exploitation and Detection | https://github.com/Barriuso/SMBGhost_AutomateExploitation | POC详情 |
| 56 | 批量测试CVE-2020-0796 - SMBv3 RCE | https://github.com/1060275195/SMBGhost | POC详情 |
| 57 | This is an implementation of the CVE-2020-0796 aka SMBGhost vulnerability, compatible with the Metasploit Framework | https://github.com/Almorabea/SMBGhost-LPE-Metasploit-Module | POC详情 |
| 58 | SMBGhost (CVE-2020-0796) and SMBleed (CVE-2020-1206) Scanner | https://github.com/jamf/SMBGhost-SMBleed-scanner | POC详情 |
| 59 | CVE-2020-0796. Smbghost Local Privilege Escalation | https://github.com/5l1v3r1/smbghost-5 | POC详情 |
| 60 | None | https://github.com/rsmudge/CVE-2020-0796-BOF | POC详情 |
| 61 | To crash Windows-10 easily | https://github.com/codewithpradhan/SMBGhost-CVE-2020-0796- | POC详情 |
| 62 | CVE-2020-0796-POC | https://github.com/AaronCaiii/CVE-2020-0796-POC | POC详情 |
| 63 | None | https://github.com/datntsec/CVE-2020-0796 | POC详情 |
| 64 | None | https://github.com/MasterSploit/LPE---CVE-2020-0796 | POC详情 |
| 65 | None | https://github.com/1stPeak/CVE-2020-0796-Scanner | POC详情 |
| 66 | None | https://github.com/Anonimo501/SMBGhost_CVE-2020-0796_checker | POC详情 |
| 67 | None | https://github.com/Opensitoo/cve-2020-0796 | POC详情 |
| 68 | Remote Code Execution POC for CVE-2020-0796 | https://github.com/orangmuda/CVE-2020-0796 | POC详情 |
| 69 | None | https://github.com/Murasame-nc/CVE-2020-0796-LPE-POC | POC详情 |
| 70 | 批量扫描CVE-2020-0796 | https://github.com/F6JO/CVE-2020-0796-Batch-scanning | POC详情 |
| 71 | None | https://github.com/lisinan988/CVE-2020-0796-exp | POC详情 |
| 72 | CVE-2020-0796 - a wormable SMBv3 vulnerability. | https://github.com/5l1v3r1/CVE-2020-0796-PoC-3 | POC详情 |
| 73 | Multithreaded Scanner for CVE-2020-0796 - SMBv3 RCE | https://github.com/5l1v3r1/SMBGhosts | POC详情 |
| 74 | Description of Exploit SMBGhost CVE-2020-0796 | https://github.com/vsai94/ECE9069_SMBGhost_Exploit_CVE-2020-0796- | POC详情 |
| 75 | CVE-2020-0796 explanation and researching vulnerability for term porject CENG325 | https://github.com/arzuozkan/CVE-2020-0796 | POC详情 |
| 76 | CVE-2020-0796 | https://github.com/SEHandler/CVE-2020-0796 | POC详情 |
| 77 | CVE-2020-0796-利用工具 | https://github.com/TweatherQ/CVE-2020-0796 | POC详情 |
| 78 | windows 10 SMB vulnerability | https://github.com/krizzz07/CVE-2020-0796 | POC详情 |
| 79 | cve-2020-0796利用工具集 | https://github.com/OldDream666/cve-2020-0796 | POC详情 |
| 80 | CVE-2020-0796 SMB Ghost vulnerability detection and mitigation | https://github.com/heeloo123/CVE-2020-0796 | POC详情 |
| 81 | WindowsProtocolTestSuites is to trigger BSoD, and full exploit poc. | https://github.com/Ajomix/CVE-2020-0796 | POC详情 |
| 82 | None | https://github.com/Vladshambaryan/https-github.com-jamf-CVE-2020-0796-RCE-POC | POC详情 |
| 83 | None | https://github.com/hungdnvp/POC-CVE-2020-0796 | POC详情 |
| 84 | This script will help you to scan for smbGhost vulnerability(CVE-2020-0796) | https://github.com/AdamSonov/smbGhostCVE-2020-0796 | POC详情 |
| 85 | Weaponized PoC for SMBv3 TCP codec/compression vulnerability | https://github.com/0x25bit/CVE-2020-0796-PoC | POC详情 |
| 86 | This repository contains detailed documentation and code related to the exploitation, detection, and mitigation of two significant vulnerabilities: CVE-2020-0796 (SMBGhost) and Print Spooler. | https://github.com/z3ena/Exploiting-and-Mitigating-CVE-2020-0796-SMBGhost-and-Print-Spooler-Vulnerabilities | POC详情 |
| 87 | WindowsProtocolTestSuites is to trigger BSoD, and full exploit poc. | https://github.com/dungnm24/CVE-2020-0796 | POC详情 |
| 88 | None | https://github.com/Kaizzzo1/CVE-2020-0796 | POC详情 |
| 89 | None | https://github.com/monjheta/CVE-2020-0796 | POC详情 |
| 90 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E6%BC%8F%E6%B4%9E/Windows%20SMB%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2020-0796.md | POC详情 |
| 91 | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'. | https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2020/CVE-2020-0796.yaml | POC详情 |
| 92 | None | https://github.com/madanokr001/CVE-2020-0796 | POC详情 |
| 93 | None | https://github.com/tdevworks/CVE-2020-0796-SMBGhost-Exploit-Demo | POC详情 |
| 94 | None | https://github.com/maqeel-git/CVE-2020-0796 | POC详情 |
| 95 | None | https://github.com/cybermads/CVE-2020-0796 | POC详情 |
| 96 | None | https://github.com/esmwaSpyware/DoS-PoC-for-CVE-2020-0796-SMBGhost- | POC详情 |
| 97 | None | https://github.com/bsec404/CVE-2020-0796 | POC详情 |
| 98 | CVE-2020-0796 (SMBGhost) is a critical RCE vulnerability in Windows 10 SMBv3 protocol. It allows attackers to execute code remotely via crafted SMB packets, making it wormable. Affects Windows 10 v1903/v1909 and Server 2019. Exploit targets srv2.sys via buffer overflow | https://github.com/Jagadeesh7532/-CVE-2020-0796-SMBGhost-Windows-10-SMBv3-Remote-Code-Execution-Vulnerability | POC详情 |
| 99 | None | https://github.com/nyambiblaise/Microsoft-Windows-SMBGhost-Vulnerability-Checker---CVE-2020-0796---SMBv3-RCE | POC详情 |
三、漏洞 CVE-2020-0796 的情报信息
标题: Packet Storm -- 🔗来源链接
标签:x_refsource_MISC
神龙速读:### 关键信息 - **网站**: Packet Storm Security - **文档类型**: 服务条款与常见问题解答 FAQs - **上次更新日期**: 2025年9月12日 #### 服务条款关键内容 - **协议接受**: 通过访问网站,用户同意受服务条款约束,若不同意,则禁止使用网站。 - **用户注册**: 要求用户注册时提供真实准确的信息,并具有合法的使用资格,不得通过自动化手段进行访问,需遵守法律法规。 - **禁止活动**: 不得恶意使用网站、滥用数据或违反服务条款中的任何禁止事项。 - **用户生成内容**: 用户通过网站提供的任何内容视为非机密和非专有,授权给 Packet Storm Security 无限制的、永久的、可转让的全球许可,用于任何目的。 #### 漏洞相关提示 - **用户责任**: 用户需对注册信息的准确性负责,任何不准确的信息可能构成使用不当。 - **安全性**: 强调用户需保护密码和账户信息,防止未经授权的访问和滥用,但网站对于用户数据的安全风险并不承担全部责任。 - **法律条款**: 同意使用网站即被认为同意遵守服务条款,包含对用户在网站上发表言论和产生的贡献的法律条款。
标题: Packet Storm -- 🔗来源链接
标签:x_refsource_MISC
神龙速读:从这张Packet Storm服务条款页面的截图中,无法直接获取到具体的漏洞信息。该页面主要列出了网站的服务条款和用户协议,包括用户注册、使用限制、贡献内容许可、广告、隐私政策等条款,并没有直接涉及安全漏洞的描述或公告。 不过,可以通过以下方式从Packet Storm获取漏洞信息: 1. **搜索功能**:在页面顶部的搜索框中输入关键词如“vulnerability”或具体漏洞编号,可以查找相关的漏洞报告。 2. **网站导航**:通过页面顶部的导航栏访问其他相关页面,如“Vulnerability Reports”或“News”等,这些页面可能会包含最新的漏洞信息。 3. **RSS订阅**:订阅Packet Storm的RSS源,以便及时获取最新的安全信息和漏洞报告。 要找到具体的漏洞信息,建议直接使用这些方法进行查找。
- http://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.htmlx_refsource_MISC
- http://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.htmlx_refsource_MISC
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796x_refsource_MISC
标题: Packet Storm -- 🔗来源链接
标签:x_refsource_MISC
神龙速读:- **关键信息** - **站点规则** - 用户必须同意服务条款才能使用网站。 - 提供的漏洞信息在“AS IS”基础上提供,用户需要自行评估风险。 - **禁止行为** - 禁止通过自动化或非人类方式访问网站。 - 禁止使用网站进行非法或未经授权的活动。 - 禁止恶意行为和对数据的恶意使用。 - **免责声明** - 网站和内容按“原样”提供,没有保证其准确性或完整性。 - 对于因使用网站或其服务导致的任何损害,公司不负责任。 - **责任限制** - 公司对任何直接、间接、偶然、特殊或惩罚性损害不负责任。 - **联系信息** - 提供了联系邮箱:`staff@packetstormsecurity.com`
- http://packetstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.htmlx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2020-0796
四、漏洞 CVE-2020-0796 的评论
匿名用户
2026-01-15 06:09:01Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.