Lucene search

MicrosoftCVE-2020-1423

HistoryJul 14, 2020 - 11:15 p.m.

CVE-2020-1423

2020-07-1423:15:18

microsoft

web.nvd.nist.gov

cve-2020-1423

windows

subsystem

linux

elevation of privilege

vulnerability

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

Percentile

9.5%

JSON

An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka ‘Windows Subsystem for Linux Elevation of Privilege Vulnerability’.

Affected configurations

Nvd

Node

microsoftwindows_10Match2004x64

microsoftwindows_server_2016Match2004

VendorProductVersionCPE
microsoftwindows_102004cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*
microsoftwindows_server_20162004cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_10	2004	cpe:2.3:o:microsoft:windows_10:2004::::::x64:
microsoft	windows_server_2016	2004	cpe:2.3:o:microsoft:windows_server_2016:2004:::::::*

CNA Affected

[
  {
    "product": "Windows 10 Version 2004 for x64-based Systems",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Windows 10 Version 2004 for ARM64-based Systems",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Windows Server, version 2004 (Server Core installation)",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  }
]