Lucene search

[email protected]CVE-2019-1378

HistoryOct 10, 2019 - 2:15 p.m.

CVE-2019-1378

2019-10-1014:15:00

CWE-732

[email protected]

web.nvd.nist.gov

cve-2019-1378

windows 10

update assistant

privilege escalation

permissions

vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.5%

JSON

An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows 10 Update Assistant Elevation of Privilege Vulnerability’.

VendorProductVersionCPE
microsoftwindows_upgrade_assistant*cpe:2.3:a:microsoft:windows_upgrade_assistant:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_upgrade_assistant	*	cpe:2.3:a:microsoft:windows_upgrade_assistant::::::::

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1378

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.5%

JSON

Related for CVE-2019-1378

prion1 mscve1 symantec1 mskb1 kaspersky1 talosblog1