Lucene search
HistoryJun 09, 2020 - 8:15 p.m.
CVE-2020-1293
cve-2020-1293
elevation of privilege
diagnostics hub standard collector service
file operations
nvd
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
High
EPSS
0
Percentile
9.5%
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka âDiagnostics Hub Standard Collector Elevation of Privilege Vulnerabilityâ. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.
Affected configurations
Node
microsoftwindows_10Match1803x32
ORmicrosoftwindows_10Match1803x64
ORmicrosoftwindows_10Match1803arm64
ORmicrosoftwindows_10Match1809x32
ORmicrosoftwindows_10Match1809x64
ORmicrosoftwindows_10Match1809arm64
ORmicrosoftwindows_10Match1709x32
ORmicrosoftwindows_10Match1709x64
ORmicrosoftwindows_10Match1709arm64
ORmicrosoftwindows_10Match1607x32
ORmicrosoftwindows_10Match1607x64
Node
microsoftwindows_serverMatch1803
ORmicrosoftwindows_server_2019
ORmicrosoftwindows_server_2019
ORmicrosoftwindows_server_2016
ORmicrosoftwindows_server_2016
Node
microsoftvisual_studio_2019Match16.4
ORmicrosoftvisual_studio_2019Range16.0â16.3
Node
microsoftvisual_studio_2017Match15.9
ORmicrosoftvisual_studio_2017Range15.0â15.8
Node
microsoftvisual_studio_2019Match16.0
Node
microsoftvisual_studio_2019Match16.6
ORmicrosoftvisual_studio_2019Range16.0â16.5
Node
microsoftvisual_studioupdate_3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Windows",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1803 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1809 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1709 for ARM64-based Systems"
},
{
"status": "affected",
"version": "10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "10 Version 1607 for x64-based Systems"
}
]
},
{
"product": "Windows Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "version 1803 (Core Installation)"
},
{
"status": "affected",
"version": "2019"
},
{
"status": "affected",
"version": "2019 (Core installation)"
},
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2016 (Core installation)"
}
]
},
{
"product": "Windows 10 Version 1909 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1909 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1909 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 1903 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Visual Studio 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "16.0"
}
]
},
{
"product": "Windows 10 Version 2004 for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows Server, version 2004 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Visual Studio",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2015 Update 3"
}
]
},
{
"product": "Windows 10 Version 2004 for x64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Windows 10 Version 2004 for ARM64-based Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
]Related
cve
cve
CVE-2020-1278
2020-06-09 20:15:18
CVE-2020-1257
2020-06-09 20:15:16
cvelist
cvelist
prion
prion
Privilege escalation
2020-06-09 20:15:00
Privilege escalation
2020-06-09 20:15:00
Privilege escalation
2020-06-09 20:15:00
nvd
nvd
nessus
nessus
Security Updates for Microsoft Visual Studio Products (June 2020)
2020-06-09 00:00:00
KB4561616: Windows 10 Version 1607 and Windows Server 2016 June 2020 Security Update
2020-06-09 00:00:00
KB4561602: Windows 10 Version 1709 June 2020 Security Update
2020-06-09 00:00:00
mskb
mskb
Description of the security update for the elevation of privilege vulnerability in Microsoft Visual Studio 2015 Update 3: June 9, 2020
2020-06-09 07:00:00
June 9, 2020âKB4561616 (OS Build 14393.3750)
2020-06-09 07:00:00
June 9, 2020âKB4561602 (OS Build 16299.1932)
2020-06-09 07:00:00
mscve
mscve
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
2020-06-09 07:00:00
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
2020-06-09 07:00:00
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
2020-06-09 07:00:00
kaspersky
kaspersky
KLA11812 Multiple vulnerabilities in Microsoft Developer Tools
2020-06-09 00:00:00
KLA11807 Multiple vulnerabilities in Microsoft Windows
2020-06-09 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4561616)
2020-06-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4561602)
2020-06-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4561608)
2020-06-10 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday June 2020: The Bleeding Ghost of SMB
2020-06-23 01:31:46
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
High
EPSS
0
Percentile
9.5%
Related for CVE-2020-1293