CVE-2020-1147 – .NET RCE Vulnerability
CVE-2020-1147 is an RCE vulnerability that is found in two .NET components, DataSet and DataTable, used to manage sets, and it affects Microsoft SharePoint, .NET framework, and Visual Studio. The vulnerability is triggered when the software fails to check the source markup of XML file inputs and allows for arbitrary code execution in the context of the process responsible for deserialization of XML. According to Microsoft,
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. To exploit this vulnerability, an attacker could upload a specially crafted document to a server utilizing an affected product to process content.
Microsoft’s CVE-2020-1147 Patch
In response to this vulnerability and a proof-of-concept released by ‘bug hunter’ Steven Seeley, Microsoft has released security updates for:
- .NET Core
- .NET Framework
- SharePoint Enterprise Server 2013 and 2016
- SharePoint Server 2010 and 2019
- Visual Studio 2017 and 2019
Microsoft has stressed that “full protection requires the installation of the .NET Framework update as well as updates for any additional affected products mentioned in this article.”
In Mr. Seeley’s proof-of-concept, he was able to leverage the vulnerability against a SharePoint Server instance to achieve RCE as a low privileged user. Mr. Seeley also strongly recommends applying Microsoft’s patch as soon as possible, as the vulnerability can be used against several applications built with .NET, meaning that even if you don’t have a SharePoint Server installed, your systems may still be impacted as a result of this vulnerability.
Sources: