Vulnerability Name:
CVE-2020-1079 (CCN-181079)
Assigned:
2019-11-04
Published:
2020-05-12
Updated:
2021-07-21
Summary:
An elevation of privilege vulnerability exists when the Windows fails to properly handle objects in memory, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from
CVE-2020-1010
,
CVE-2020-1068
.
CVSS v3 Severity:
7.8 High
(CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
)
6.8 Medium
(Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
7.8 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
)
6.8 Medium
(CCN Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
7.2 High
(CVSS v2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
6.8 Medium
(CCN CVSS v2 Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Athentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-269
Vulnerability Consequences:
Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2020-1079
Source: XF
Type: UNKNOWN
ms-windows-cve20201079-priv-esc(181079)
Source: CCN
Type: Microsoft Security TechCenter - May 2020
Microsoft Windows Elevation of Privilege Vulnerability
Source: MISC
Type: Patch, Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1079
Vulnerable Configuration:
Configuration 1
:
cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:1709:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:1803:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:1809:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:1903:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:1909:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_1803:-:*:*:*:*:*:x64:*
OR
cpe:/o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_1903:-:*:*:*:*:*:x64:*
OR
cpe:/o:microsoft:windows_server_1909:-:*:*:*:*:*:x64:*
Configuration CCN 1
:
cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*
OR
cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:*
OR
cpe:/o:microsoft:windows_10:::~~~~x64~:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server:1803:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:-:*:*:*:*:*:arm64:*
OR
cpe:/o:microsoft:windows_server:1903:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server:1909:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
microsoft
windows 10 -
microsoft
windows 10 1607
microsoft
windows 10 1709
microsoft
windows 10 1803
microsoft
windows 10 1809
microsoft
windows 10 1903
microsoft
windows 10 1909
microsoft
windows 8.1 -
microsoft
windows rt 8.1 -
microsoft
windows server 2012 -
microsoft
windows server 2012 r2
microsoft
windows server 2016 -
microsoft
windows server 2016 1803
microsoft
windows server 2019 -
microsoft
windows server 2016 1903
microsoft
windows server 2016 1909
microsoft
windows server 2012
microsoft
windows 8.1 - -
microsoft
windows 8.1
microsoft
windows server 2012 r2
microsoft
windows rt 8.1 -
microsoft
windows 10 -
microsoft
windows 10
microsoft
windows server 2016
microsoft
windows server 1803
microsoft
windows server 2019 -
microsoft
windows 10 -
microsoft
windows server 1903
microsoft
windows server 1909