Name | sharepoint_typeconverters_rce |
CVE | CVE-2020-0932 |
Exploit Pack | CANVAS |
Description | sharepoint_typeconverters_rce |
Notes | CVE Name: CVE-2020-0932 VENDOR: Microsoft NOTES: - This exploit needs to open port 445, make sure it is available for proper operation - This exploit has been tested on Sharepoint 2019, but other versions could be affected. - It is necessary root/admin privileges to start the SMB server - The default sharepoint configuration allows any authenticated user to create their own site - The URI should be an user's site, for example http://192.168.153.131/sites/MyNewTestSite/SitePages/Home.aspx so the URI is /sites/MyNewTestSite/ VersionsAffected: VERSIONS Repeatability: Infinite References: https://www.zerodayinitiative.com/blog/2020/4/28/cve-2020-0932-remote-code-execution-on-microsoft-sharepoint-using-typeconverters CVE Url: https://nvd.nist.gov/vuln/detail/cve-2020-0932 Date public: 04/14/2020 CVSS: 8.8 |
Learn more about the CANVAS Exploit Pack here: CANVAS |