Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfull...">CVE-2020-1115 - vulnerability database | Vulners.comWindows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfull...">Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfull...">Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfull...">

Lucene search

K

[email protected]NVD:CVE-2020-1115

HistorySep 11, 2020 - 5:15 p.m.

CVE-2020-1115

2020-09-1117:15:18

[email protected]

web.nvd.nist.gov

1

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.5%

<p>An elevation of privilege vulnerability exists when the <a href=“https://technet.microsoft.com/library/security/dn848375.aspx#CLFS”>Windows Common Log File System (CLFS)</a> driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>
<p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p>
<p>The security update addresses the vulnerability by correcting how CLFS handles objects in memory.</p>

Affected configurations

NVD

Node

microsoftwindows_10Match-

OR

microsoftwindows_10Match1607

OR

microsoftwindows_10Match1709

OR

microsoftwindows_10Match1803

OR

microsoftwindows_10Match1809

OR

microsoftwindows_10Match1903

OR

microsoftwindows_10Match1909

OR

microsoftwindows_10Match2004

OR

microsoftwindows_7Match-sp1

OR

microsoftwindows_8.1Match-

OR

microsoftwindows_rt_8.1Match-

OR

microsoftwindows_server_2008Match-sp2

OR

microsoftwindows_server_2008Matchr2sp1x64

OR

microsoftwindows_server_2012Match-

OR

microsoftwindows_server_2012Matchr2

OR

microsoftwindows_server_2016Match-

OR

microsoftwindows_server_2016Match1903

OR

microsoftwindows_server_2016Match1909

OR

microsoftwindows_server_2016Match2004

OR

microsoftwindows_server_2019Match-

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1115

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.5%

Related for NVD:CVE-2020-1115

mscve1 cvelist1 cve1 cnvd1 checkpoint_advisories1 talos1 prion1 mskb15 nessus11 kaspersky2 openvas9 avleonov1