E20-0zk02
CVSS:
10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
False Positive:
f
Variants:
1
Year:
2020
Description
This strike exploits the vulnerability known as 'Zerologon'. This privilege escalation vulnerability is due to the insecure usage of AES-CFB8 encryption for Netlogon sessions in Microsoft Netlogon Remote Protocol (MS-NRPC). This is the SMB version of the ZeroLogon.
A remote (same LAN) unauthenticated attacker can exploit this vulnerability to impersonate the identity of any machine on a network when attempting to authenticate to the Domain Controller which may result in the complete takeover of a Windows domain.