CVE-2020-16898 Bad Neighbor
CVE-2020-16898
CVSS score 9.8
The last time I checked, we had no scanner pattern available yet. (According to Rapid7, they have just released a detection, so I need to recheck if our scanner has this update.)
Media Name: Bad Neighbor
CVSSv3 score: 9.8
Vulnerability Type: remote code execution (RCE) vulnerability in the Windows TCP/IP stack
Exploitation:
Successful exploitation requires sending specially-crafted ICMPv6 Router Advertisement packets to a remote Windows computer and could give an attacker the ability to execute code on the target server or client.
Exploit development and weaponization
Security firms have been quick to point out that exploiting the vulnerability to crash a target system with a Blue Screen of Death (BSoD) is straightforward. A full exploit chain would require an additional primitive (e.g., an info leak) to function fully. Hypothetically, the “easiest” exploit chain might be one in which an attacker leverages a different vulnerability to obtain the randomized kernel base address and stack cookie to reliably exploit CVE-2020-16898.
A single maliciously-crafted packet has the potential to knock out an entire network segment, which is problematic even before considering the possibility of code execution on the target system.
Solution
Apply the Microsoft patch for CVE-2020-16898 as soon as possible.
Mitigation if unable to patch immediately
On Windows 10 version 1709 and above, disable ICMPv6 RDNSS as a workaround via PowerShell.
PowerShell command: netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable
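The workaround has to be set per interface, so the added example below (not part of the original post) applies the same netsh command to every IPv6 interface and reads the setting back. It assumes an elevated PowerShell session and English-language netsh output, where the setting is labelled "RA Based DNS Config"; the variable and property names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the rabaseddnsconfig=disable workaround to every
# IPv6 interface and confirm the resulting state.

$report = foreach ($nic in Get-NetIPInterface -AddressFamily IPv6) {
    $idx = $nic.InterfaceIndex

    # Same command as in the post, with the interface index filled in.
    $setOutput = netsh int ipv6 set int $idx rabaseddnsconfig=disable 2>&1
    $setOk = ($LASTEXITCODE -eq 0)

    # Read the setting back. Assumption: English netsh output labels it
    # "RA Based DNS Config"; on other locales the match returns nothing
    # and the state stays 'unknown'.
    $state = 'unknown'
    $match = netsh int ipv6 show int $idx 2>&1 |
        Select-String -Pattern 'RA Based DNS Config.*:\s*(\w+)'
    if ($match) { $state = $match.Matches[0].Groups[1].Value }

    [pscustomobject]@{
        InterfaceIndex = $idx
        InterfaceAlias = $nic.InterfaceAlias
        SetSucceeded   = $setOk
        RdnssState     = $state
        NetshMessage   = ($setOutput | Out-String).Trim()
    }
}

$report | Format-Table -AutoSize

# Any interface not confirmed as disabled needs manual follow-up.
$open = @($report | Where-Object { $_.RdnssState -ne 'disabled' })
if ($open.Count -gt 0) {
    Write-Warning "$($open.Count) interface(s) not confirmed disabled."
    exit 1
}
```

Once the patch is installed, the same command with rabaseddnsconfig=enable restores the original setting.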
Risk:
According to several leading security vendors, exploiting the vulnerability is relatively straightforward. This vulnerability could be easily weaponised and used for a major DDoS attack. As it is also wormable, it could be used for mass ransomware or other types of virus attack.
Affected Windows Versions
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for ARM64-based Systems
- Windows 10 Version 1709 for x64-based Systems
- Windows 10 Version 1803 for 32-bit Systems
- Windows 10 Version 1803 for ARM64-based Systems
- Windows 10 Version 1803 for x64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
- Windows 10 Version 1809 for ARM64-based Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for ARM64-based Systems
- Windows 10 Version 1903 for x64-based Systems
- Windows 10 Version 1909 for 32-bit Systems
- Windows 10 Version 1909 for ARM64-based Systems
- Windows 10 Version 1909 for x64-based Systems
- Windows 10 Version 2004 for 32-bit Systems
- Windows 10 Version 2004 for ARM64-based Systems
- Windows 10 Version 2004 for x64-based Systems
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows Server, version 1903 (Server Core installation)
- Windows Server, version 1909 (Server Core installation)
- Windows Server, version 2004 (Server Core installation)