Miggo Logo

CVE-2020-1147: .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability

7.8

CVSS Score
3.1

Basic Information

EPSS Score
0.99754%
CWE
-
Published
5/24/2022
Updated
2/2/2023
KEV Status
Yes
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Microsoft.NETCore.Appnuget>= 2.1.0, < 2.1.202.1.20
Microsoft.NETCore.App.Runtime.linux-armnuget>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.linux-arm64nuget>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.linux-musl-arm64nuget>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.linux-musl-x64nuget>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.linux-x64nuget>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.osx-x64nuget>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.rhel.6-x64nuget>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.win-armnuget>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.win-arm64nuget>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.win-x64nuget>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.win-x86nuget>= 3.1.0, < 3.1.63.1.6

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from insecure XML deserialization in .NET components. Both DataSet.ReadXml and DataTable.ReadXml are known vectors for deserialization attacks when processing untrusted XML. Microsoft's patch specifically restricts allowed types in XML payloads, indicating these methods previously lacked proper type validation. Exploit references to SharePoint DataSet/DataTable deserialization (CVE-2020-1147) and the .NET team's announcement about XML payload restrictions confirm these functions' involvement.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in .N*T *r*m*work, Mi*roso*t S**r*Point, *n* Visu*l Stu*io w**n t** so*tw*r* **ils to ****k t** sour** m*rkup o* XML *il* input, *k* '.N*T *r*m*work, S**r*Point S*rv*r, *n* Visu*l Stu*io R*mot* *o** *x**ut

Reasoning

T** vuln*r**ility st*ms *rom ins**ur* XML **s*ri*liz*tion in .N*T *ompon*nts. *ot* `**t*S*t.R***Xml` *n* `**t*T**l*.R***Xml` *r* known v**tors *or **s*ri*liz*tion *tt**ks w**n pro**ssin* untrust** XML. Mi*roso*t's p*t** sp**i*i**lly r*stri*ts *llow**