CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
9.5%
<p>An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p>
<p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p>
<p>The security update addresses the vulnerability by ensuring the Windows Storage VSP Driver properly handles file operations.</p>
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | windows_10 | 1607 | cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:* |
microsoft | windows_10 | 1709 | cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* |
microsoft | windows_10 | 1803 | cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:* |
microsoft | windows_10 | 1809 | cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:* |
microsoft | windows_10 | 1903 | cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* |
microsoft | windows_10 | 2004 | cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:* |
microsoft | windows_server_2016 | - | cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* |
microsoft | windows_server_2016 | 1903 | cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:* |
microsoft | windows_server_2016 | 2004 | cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:* |
microsoft | windows_server_2019 | - | cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
9.5%