CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2: 2.1 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N

An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka ‘Connected User Experiences and Telemetry Service Information Disclosure Vulnerability’.
Recent assessments:
bwatters-r7 at December 21, 2020 10:03pm UTC reported:
CVE-2020-0863 is an arbitrary file read vulnerability. During the course of execution, the Diagnostic Tracking service in Windows reads a set of configuration files from a user-controlled directory, and copies them to a directory readable to everyone. While it is not possible to change the location of the write, using an oplock and file junctions, an attacker can manipulate the source file, causing the service to copy a file from a privileged area to a location readable by everyone.
More information is available here: <https://itm4n.github.io/cve-2020-0863-windows-diagtrack-info-disclo/>
Assessed Attacker Value: 3
Assessed Attacker Value: 4