CVE-2020-0601

ADVISORY - nist

Summary

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

EPSS Score⁠: 0.94093 (0.999)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-295⁠

Improper Certificate Validation

Impacted images

Advisories

NIST

CREATED

6 years ago

UPDATED

9 days ago

ADVISORY IDCVE-2020-0601⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-295⁠

CVSS SCORE

8.1high

Alpine

CREATED

6 years ago

UPDATED

20 hours ago

ADVISORY IDCVE-2020-0601⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GoLang

CREATED

3 years ago

UPDATED

1 year ago

ADVISORY IDGO-2022-0535⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Bitnami

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

BIT-2020-0601

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Bitnami

CREATED

2 years ago

UPDATED

17 days ago

ADVISORY ID

BIT-golang-2020-0601

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

8.1high

intheWild

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY IDCVE-2020-0601⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CISA

CREATED

4 years ago

UPDATED

8 months ago

ADVISORY ID

CVE-2020-0601

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY