Vulnerability Name: | CVE-2020-1274 (CCN-182511) |
Assigned: | 2019-11-04 |
Published: | 2020-06-09 |
Updated: | 2021-07-21 |
Summary: | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.
|
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): High Availibility (A): High | 7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): High Availibility (A): High |
|
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)Exploitability Metrics: | Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial | 6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)Exploitability Metrics: | Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
| Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete |
|
Vulnerability Type: | CWE-269
|
Vulnerability Consequences: | Gain Privileges |
References: | Source: MITRE Type: CNA CVE-2020-1274
Source: XF Type: UNKNOWN ms-windows-cve20201274-priv-esc(182511)
Source: CCN Type: Microsoft Security TechCenter - June 2020 Windows Kernel Elevation of Privilege Vulnerability
Source: MISC Type: Patch, Vendor Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1274
|
Vulnerable Configuration: | Configuration 1: cpe:/o:microsoft:windows_10:1803:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_10:1809:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_10:1903:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_10:1909:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_10:2004:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_server_1803:-:*:*:*:*:*:x64:*OR cpe:/o:microsoft:windows_server_1903:-:*:*:*:*:*:x64:*OR cpe:/o:microsoft:windows_server_1909:-:*:*:*:*:*:x64:*OR cpe:/o:microsoft:windows_server_2004:-:*:*:*:*:*:x64:*OR cpe:/o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* Configuration CCN 1: cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:*OR cpe:/o:microsoft:windows_10:::~~~~x64~:*:*:*:*:*OR cpe:/o:microsoft:windows_server:1803:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:arm64:*OR cpe:/o:microsoft:windows_server:1903:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_server:1909:*:*:*:*:*:*:*OR cpe:/o:microsoft:windows_server:2004:*:*:*:*:*:*:* Denotes that component is vulnerable |
BACK |
microsoft windows 10 1803
microsoft windows 10 1809
microsoft windows 10 1903
microsoft windows 10 1909
microsoft windows 10 2004
microsoft windows server 2016 1803
microsoft windows server 2016 1903
microsoft windows server 2016 1909
microsoft windows server 2016 2004
microsoft windows server 2019 -
microsoft windows 10 -
microsoft windows 10
microsoft windows server 1803
microsoft windows server 2019 -
microsoft windows 10 -
microsoft windows server 1903
microsoft windows server 1909
microsoft windows server 2004