CVE-2020-1046

7.8 HIGH

📋 TL;DR

This CVE describes a remote code execution vulnerability in Microsoft .NET Framework that allows attackers to execute arbitrary code by uploading specially crafted files to vulnerable web applications. It affects systems running unpatched .NET Framework versions. Attackers who successfully exploit this can gain full control over affected systems.

💻 Affected Systems

Products:
  • Microsoft .NET Framework
Versions: Multiple versions of .NET Framework (specific versions detailed in Microsoft advisory)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires web application with file upload capability that processes files using vulnerable .NET Framework components.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attacker to install programs, view/change/delete data, create new accounts with full user rights, and establish persistence.

🟠 Likely Case

Web server compromise leading to data theft, lateral movement within network, and deployment of ransomware or other malware.

🟢 If Mitigated

Attack blocked at web application firewall level or file upload validation prevents malicious files from reaching vulnerable .NET Framework components.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires ability to upload files to vulnerable web application. No public exploit code available at time of advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security updates for affected .NET Framework versions as specified in Microsoft advisory

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1046

Restart Required: Yes

Instructions:

1. Apply Microsoft security updates for .NET Framework.
2. Restart affected systems.
3. Test web applications for functionality after patching.

🔧 Temporary Workarounds

Restrict File Uploads

Implement strict file upload validation including file type restrictions, size limits, and content scanning

Web Application Firewall Rules

Configure WAF to block suspicious file upload patterns and .NET Framework exploitation attempts

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all file upload functionality
  • Isolate vulnerable systems from internet and restrict internal access using network segmentation

🔍 How to Verify

Check if Vulnerable:

Check the installed .NET Framework version and compare it with the affected versions listed in the Microsoft advisory.

Check Version:

reg query "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full" /v Release

Verify Fix Applied:

Verify that the .NET Framework version has been updated to the patched version and that the security update is installed.
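
One way to run both checks on a host, as an added PowerShell example rather than code from this page or the Microsoft advisory: the Release value identifies the installed .NET Framework 4.x version, so the security update itself is checked separately with Get-HotFix. The `KB0000000` entry is a placeholder to replace with the KB numbers from the advisory.

```powershell
# Added example (not from the advisory): report the .NET Framework 4.x version
# and whether any of the advisory's updates are installed.
# ASSUMPTION: $AdvisoryKbs is a placeholder. Replace it with the KB numbers the
# Microsoft advisory lists for this OS and .NET Framework version.
$AdvisoryKbs = @('KB0000000')   # placeholder, not a real update ID
$Key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'

function Get-NetFxVersion {
    param([int]$Release)
    # Minimum Release value for each version, per Microsoft's .NET Framework docs.
    $table = @(
        @(533320, '4.8.1'), @(528040, '4.8'),   @(461808, '4.7.2'),
        @(461308, '4.7.1'), @(460798, '4.7'),   @(394802, '4.6.2'),
        @(394254, '4.6.1'), @(393295, '4.6'),   @(379893, '4.5.2'),
        @(378675, '4.5.1'), @(378389, '4.5')
    )
    foreach ($row in $table) {
        if ($Release -ge $row[0]) { return $row[1] }
    }
    return 'unknown (below 4.5)'
}

$props = Get-ItemProperty -Path $Key -Name Release -ErrorAction SilentlyContinue
if (-not $props) {
    Write-Output 'No .NET Framework 4.5 or later found (Release value missing).'
} else {
    # Get-HotFix reads Win32_QuickFixEngineering; an update installed by other
    # means may not be listed, so treat "not found" as "needs a manual check".
    $found = @(Get-HotFix -Id $AdvisoryKbs -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        Release          = $props.Release
        FrameworkVersion = Get-NetFxVersion -Release $props.Release
        AdvisoryKbsFound = ($found.HotFixID -join ', ')
        UpdateInstalled  = ($found.Count -gt 0)
    }
}
```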

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload patterns
  • Failed file upload attempts with suspicious extensions
  • .NET Framework error logs showing processing failures

Network Indicators:

  • Large file uploads to web applications
  • Unusual outbound connections from web servers post-upload

SIEM Query:

source="web_server_logs" AND (file_upload="true" AND (file_extension="unusual" OR file_size>threshold))
