CVE-2020-1147: .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
CVSS Score
7.8 (CVSS v3.1)
Basic Information
CVE ID
CVE-2020-1147
GHSA ID
EPSS Score
0.99754%
CWE
-
Published
5/24/2022
Updated
2/2/2023
KEV Status
Yes
Technology
C#
Technical Details
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
Microsoft.NETCore.App | nuget | >= 2.1.0, < 2.1.20 | 2.1.20 |
Microsoft.NETCore.App.Runtime.linux-arm | nuget | >= 3.1.0, < 3.1.6 | 3.1.6 |
Microsoft.NETCore.App.Runtime.linux-arm64 | nuget | >= 3.1.0, < 3.1.6 | 3.1.6 |
Microsoft.NETCore.App.Runtime.linux-musl-arm64 | nuget | >= 3.1.0, < 3.1.6 | 3.1.6 |
Microsoft.NETCore.App.Runtime.linux-musl-x64 | nuget | >= 3.1.0, < 3.1.6 | 3.1.6 |
Microsoft.NETCore.App.Runtime.linux-x64 | nuget | >= 3.1.0, < 3.1.6 | 3.1.6 |
Microsoft.NETCore.App.Runtime.osx-x64 | nuget | >= 3.1.0, < 3.1.6 | 3.1.6 |
Microsoft.NETCore.App.Runtime.rhel.6-x64 | nuget | >= 3.1.0, < 3.1.6 | 3.1.6 |
Microsoft.NETCore.App.Runtime.win-arm | nuget | >= 3.1.0, < 3.1.6 | 3.1.6 |
Microsoft.NETCore.App.Runtime.win-arm64 | nuget | >= 3.1.0, < 3.1.6 | 3.1.6 |
Microsoft.NETCore.App.Runtime.win-x64 | nuget | >= 3.1.0, < 3.1.6 | 3.1.6 |
Microsoft.NETCore.App.Runtime.win-x86 | nuget | >= 3.1.0, < 3.1.6 | 3.1.6 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from insecure XML deserialization in .NET's DataSet and DataTable types. Both DataSet.ReadXml and DataTable.ReadXml are known vectors for deserialization attacks when they process untrusted XML: a DataSet XML document may carry an inline schema, and that schema can name the CLR type of each column, so the document itself decides which types the runtime instantiates when it deserializes the column values. Before the fix these methods did not validate those type names, which lets an attacker who controls the XML steer deserialization toward arbitrary types. Microsoft's patch restricts the set of types permitted in XML payloads, confirming that the missing type validation is the root cause. Public exploit writeups on SharePoint DataSet/DataTable deserialization (CVE-2020-1147) and the .NET team's guidance on the XML payload type restrictions both point at these two methods; SharePoint is affected because its server-side code passes user-controllable XML through them.
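The following C# program is an added example, not code from this advisory, from Miggo or from Microsoft. It contrasts the vulnerable pattern (an empty DataSet whose schema, including column CLR types, is taken from untrusted XML) with a hardened loader that owns its schema, reads with XmlReadMode.IgnoreSchema, parses through a DTD-prohibiting XmlReader, and pre-screens any inline schema against an explicit allowlist of type names, mirroring the allowlist approach of Microsoft's fix. The sample XML, the `Contoso.Placeholder` type name, the table layout and the 1 MiB size cap are constructed for illustration and are not real gadget types or project settings.

```csharp
// Added example (not from the advisory, Miggo or Microsoft): vulnerable vs.
// hardened use of DataSet.ReadXml. Sample XML and type names are constructed.
using System;
using System.Collections.Generic;
using System.Data;
using System.IO;
using System.Xml;
using System.Xml.Linq;

static class DataSetXmlLoading
{
    // Constructed sample: the inline schema declares the CLR type of the
    // "Payload" column via msdata:DataType. Pre-fix ReadXml resolved that name
    // and deserialized the column value into it. "Contoso.Placeholder" is a
    // made-up name standing in for whatever type an attacker would choose.
    public const string UntrustedXml = @"<NewDataSet>
  <xs:schema id=""NewDataSet"" xmlns:xs=""http://www.w3.org/2001/XMLSchema""
             xmlns:msdata=""urn:schemas-microsoft-com:xml-msdata"">
    <xs:element name=""NewDataSet"" msdata:IsDataSet=""true"">
      <xs:complexType><xs:choice maxOccurs=""unbounded"">
        <xs:element name=""Order"">
          <xs:complexType><xs:sequence>
            <xs:element name=""Id"" type=""xs:int""/>
            <xs:element name=""Payload"" type=""xs:anyType""
                        msdata:DataType=""Contoso.Placeholder, Contoso""/>
          </xs:sequence></xs:complexType>
        </xs:element>
      </xs:choice></xs:complexType>
    </xs:element>
  </xs:schema>
  <Order><Id>1</Id><Payload>opaque</Payload></Order>
</NewDataSet>";

    // VULNERABLE pattern (what CVE-2020-1147 concerns): the DataSet starts empty,
    // so the document's inline schema defines every column, CLR types included.
    public static DataSet LoadUnsafe(string xml)
    {
        var ds = new DataSet();
        ds.ReadXml(new StringReader(xml)); // attacker's schema decides column types
        return ds;
    }

    static readonly XNamespace Msdata = "urn:schemas-microsoft-com:xml-msdata";
    static readonly XNamespace Xs = "http://www.w3.org/2001/XMLSchema";

    // Explicit allowlist of CLR type names an inline schema may reference.
    static readonly HashSet<string> AllowedClrTypes = new HashSet<string>(StringComparer.Ordinal)
    {
        "System.String", "System.Int32", "System.Int64", "System.Decimal",
        "System.DateTime", "System.Boolean", "System.Guid",
    };

    static XmlReaderSettings HardenedSettings() => new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit, // no DTDs: blocks entity expansion / XXE
        XmlResolver = null,                     // never fetch external resources
        MaxCharactersInDocument = 1 << 20,      // 1 MiB cap (assumed limit)
        IgnoreProcessingInstructions = true,
    };

    // Pre-check: collect every msdata:DataType declaration in an inline schema
    // and report the ones outside the allowlist. Assembly-qualified names are
    // reduced to the full type name before comparison.
    public static IList<string> DisallowedTypeNames(string xml)
    {
        var bad = new List<string>();
        using (var reader = XmlReader.Create(new StringReader(xml), HardenedSettings()))
        {
            var doc = XDocument.Load(reader);
            foreach (var attr in doc.Descendants(Xs + "element").Attributes(Msdata + "DataType"))
            {
                string fullName = attr.Value.Split(',')[0].Trim();
                if (!AllowedClrTypes.Contains(fullName)) bad.Add(attr.Value);
            }
        }
        return bad;
    }

    // HARDENED pattern: the application owns the schema, and IgnoreSchema discards
    // any inline schema in the document, so it cannot redefine column CLR types.
    public static DataSet LoadSafe(string xml)
    {
        var disallowed = DisallowedTypeNames(xml);
        if (disallowed.Count > 0)
            throw new InvalidDataException("rejected inline schema types: " + string.Join(", ", disallowed));

        var ds = new DataSet("NewDataSet");
        var orders = ds.Tables.Add("Order");
        orders.Columns.Add("Id", typeof(int));
        orders.Columns.Add("Payload", typeof(string));
        using (var reader = XmlReader.Create(new StringReader(xml), HardenedSettings()))
        {
            ds.ReadXml(reader, XmlReadMode.IgnoreSchema);
        }
        return ds;
    }

    static void Main()
    {
        try
        {
            var ds = LoadSafe(UntrustedXml);
            Console.WriteLine("loaded {0} row(s)", ds.Tables["Order"].Rows.Count);
        }
        catch (InvalidDataException ex)
        {
            Console.WriteLine(ex.Message); // the constructed sample is rejected here
        }
    }
}
```

The pre-check is defense in depth, not a substitute for the update: on a patched runtime the type restriction is enforced inside ReadXml itself, and on an unpatched one the only reliable protection is never to let untrusted XML define the DataSet schema, which is what XmlReadMode.IgnoreSchema with an application-owned schema achieves.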