CVE-2020-1472: Netlogon Elevation of Privilege Vulnerability
First published: Mon Aug 17 2020(Updated: )
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
Credit: secure@microsoft.com secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Netlogon | ||
| redhat/samba | <4.10.18 | 4.10.18 |
| redhat/samba | <4.11.13 | 4.11.13 |
| redhat/samba | <4.12.7 | 4.12.7 |
| Microsoft Windows Server 1903 | ||
| Microsoft Windows server 1909 | ||
| Microsoft Windows server 2004 | ||
| Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
| Microsoft Windows Server 2012 x64 | ||
| Microsoft Windows Server 2012 x64 | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 20h2 | ||
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| openSUSE | =15.1 | |
| openSUSE | =15.2 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =20.04 | |
| Synology Directory Server | <4.4.5-0101 | |
| Samba | <4.10.18 | |
| Samba | >=4.11.0<4.11.13 | |
| Samba | >=4.12.0<4.12.7 | |
| Debian GNU/Linux | =9.0 | |
| Oracle Sun ZFS Storage Appliance Kit | =8.8 | |
| debian/samba | 2:4.13.13+dfsg-1~deb11u6 2:4.17.12+dfsg-0+deb12u1 2:4.21.4+dfsg-1 | |
| Fedora | =31 | |
| Fedora | =32 | |
| Fedora | =33 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =20.04 | |
| Debian | =9.0 | |
| Microsoft Windows Server 2016 | =1903 | |
| Microsoft Windows Server 2016 | =1909 | |
| Microsoft Windows Server 2016 | =2004 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
- http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/160127/Zerologon-Netlogon-Privilege-Escalation.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4OTFBL6YDVFH2TBJFJIE4FMHPJEEJK3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAPQQZZAT4TG3XVRTAFV2Y3S7OAHFBUP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ST6X3A2XXYMGD4INR26DQ4FP4QSM753B/
- https://security.gentoo.org/glsa/202012-24
- https://usn.ubuntu.com/4510-1/
- https://usn.ubuntu.com/4510-2/
- https://usn.ubuntu.com/4559-1/
- https://www.kb.cert.org/vuls/id/490028
- https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html
- http://www.openwall.com/lists/oss-security/2020/09/17/2
- https://www.synology.com/security/advisory/Synology_SA_20_21
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00080.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00086.html
- https://launchpad.net/bugs/cve/CVE-2020-1472
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4OTFBL6YDVFH2TBJFJIE4FMHPJEEJK3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ST6X3A2XXYMGD4INR26DQ4FP4QSM753B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAPQQZZAT4TG3XVRTAFV2Y3S7OAHFBUP/
- https://www.theregister.com/2024/06/05/ransomhub_knight_reboot/
- https://access.redhat.com/security/cve/CVE-2020-1472
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1880897
- https://www.samba.org/samba/security/CVE-2020-1472.html
- https://kb.cert.org/vuls/id/490028#Samba
- https://access.redhat.com/articles/5435971
- https://access.redhat.com/errata/RHSA-2020:5439
- https://access.redhat.com/security/cve/cve-2020-1472
- https://access.redhat.com/errata/RHSA-2021:1647
- https://access.redhat.com/errata/RHSA-2021:3723
- https://bugzilla.redhat.com/show_bug.cgi?id=1879822
- https://bugzilla.samba.org/show_bug.cgi?id=14497
- https://www.openwall.com/lists/oss-security/2020/09/17/2
- https://security-tracker.debian.org/tracker/CVE-2020-1472
- https://www.cisa.gov/news-events/directives/ed-20-04-mitigate-netlogon-elevation-privilege-vulnerability-august-2020-patch-tuesday)
- https://nvd.nist.gov/vuln/detail/CVE-2020-1472
- https://www.bleepingcomputer.com/news/security/noname-ransomware-gang-deploying-ransomhub-malware-in-recent-attacks/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472
- https://ubuntu.com/security/CVE-2020-1472
- https://www.bleepingcomputer.com/news/security/iranian-hackers-act-as-brokers-selling-critical-infrastructure-access/
Frequently Asked Questions
What is CVE-2020-1472?
CVE-2020-1472 is a privilege escalation vulnerability in Microsoft Netlogon Remote Protocol (MS-NRPC).
What is the severity of CVE-2020-1472?
CVE-2020-1472 has a severity score of 10, which is classified as critical.
What is affected by CVE-2020-1472?
Microsoft Netlogon, Samba, and various Windows Server versions are affected by CVE-2020-1472.
How can CVE-2020-1472 be exploited?
CVE-2020-1472 can be exploited when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller.
Are there any official references for CVE-2020-1472?
Yes, you can find more information about CVE-2020-1472 at the following references: [CISA Emergency Directive 20-03](https://www.cisa.gov/emergency-directive-20-03), [CVE-2020-1472 on MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472), [Secura Advisory](https://www.secura.com/pathtoimg.php?id=2055).
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- collector/launchpad-cve
- source/Launchpad
- collector/the-register
- source/The Register
- alias/CVE-2020-1472
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2017-0144
- alias/CVE-2023-27532
- alias/CVE-2021-42278
- alias/CVE-2021-42287
- alias/CVE-2022-42475
- alias/CVE-2017-0290
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/description
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- agent/trending
- agent/source
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/nvd-index
- agent/event
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- vendor/microsoft
- canonical/microsoft netlogon
- package-manager/redhat
- canonical/microsoft windows server 1903
- canonical/microsoft windows server 1909
- canonical/microsoft windows server 2004
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/r2-sp1
- canonical/microsoft windows server 2012 x64
- version/microsoft windows server 2012 x64/r2
- canonical/microsoft windows server 2016
- canonical/microsoft windows server 2019
- canonical/microsoft windows server 20h2
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1
- version/opensuse/15.2
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/14.04
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- version/ubuntu linux/20.04
- vendor/synology
- canonical/synology directory server
- vendor/samba
- canonical/samba
- version/samba/4.11.0
- version/samba/4.12.0
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/9.0
- vendor/oracle
- canonical/oracle sun zfs storage appliance kit
- version/oracle sun zfs storage appliance kit/8.8
- canonical/fedora
- version/fedora/31
- version/fedora/32
- version/fedora/33
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/20.04
- canonical/debian
- version/debian/9.0
- version/microsoft windows server 2016/1903
- version/microsoft windows server 2016/1909
- version/microsoft windows server 2016/2004
- package-manager/debian