Lucene search

[email protected]CVE-2020-16879

HistorySep 11, 2020 - 5:15 p.m.

CVE-2020-16879

2020-09-1117:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2020-16879

information security

windows

vulnerability

disclosure

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

8.7%

JSON

An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability.
The security update addresses the vulnerability by correcting how Windows Projected Filesystem handle file redirections.

VendorProductVersionCPE
microsoftwindows_10_180910.0.0cpe:2.3:o:microsoft:windows_10_1809:10.0.0:*:*:*:*:*:*:*
microsoftwindows_server_201910.0.0cpe:2.3:o:microsoft:windows_server_2019:10.0.0:*:*:*:*:*:*:*
microsoftwindows_server_201910.0.0cpe:2.3:o:microsoft:windows_server_2019:10.0.0:*:*:*:*:*:*:*
microsoftwindows_10_190910.0.0cpe:2.3:o:microsoft:windows_10_1909:10.0.0:*:*:*:*:*:*:*
microsoftwindows_server,_version_190910.0.0cpe:2.3:o:microsoft:windows_server,_version_1909:10.0.0:*:*:*:*:*:*:*
microsoftwindows_10_1903 for 32-bit systems10.0.0cpe:2.3:o:microsoft:windows_10_1903 for 32-bit systems:10.0.0:*:*:*:*:*:*:*
microsoftwindows_10_1903 for x64-based systems10.0.0cpe:2.3:o:microsoft:windows_10_1903 for x64-based systems:10.0.0:*:*:*:*:*:*:*
microsoftwindows_10_1903 for arm64-based systems10.0.0cpe:2.3:o:microsoft:windows_10_1903 for arm64-based systems:10.0.0:*:*:*:*:*:*:*
microsoftwindows_server,_version_190310.0.0cpe:2.3:o:microsoft:windows_server,_version_1903:10.0.0:*:*:*:*:*:*:*
microsoftwindows_10_200410.0.0cpe:2.3:o:microsoft:windows_10_2004:10.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_10_1809	10.0.0	cpe:2.3:o:microsoft:windows_10_1809:10.0.0:::::::*
microsoft	windows_server_2019	10.0.0	cpe:2.3:o:microsoft:windows_server_2019:10.0.0:::::::*
microsoft	windows_server_2019	10.0.0	cpe:2.3:o:microsoft:windows_server_2019:10.0.0:::::::*
microsoft	windows_10_1909	10.0.0	cpe:2.3:o:microsoft:windows_10_1909:10.0.0:::::::*
microsoft	windows_server,_version_1909	10.0.0	cpe:2.3:o:microsoft:windows_server,_version_1909:10.0.0:::::::*
microsoft	windows_10_1903 for 32-bit systems	10.0.0	cpe:2.3:o:microsoft:windows_10_1903 for 32-bit systems:10.0.0:::::::*
microsoft	windows_10_1903 for x64-based systems	10.0.0	cpe:2.3:o:microsoft:windows_10_1903 for x64-based systems:10.0.0:::::::*
microsoft	windows_10_1903 for arm64-based systems	10.0.0	cpe:2.3:o:microsoft:windows_10_1903 for arm64-based systems:10.0.0:::::::*
microsoft	windows_server,_version_1903	10.0.0	cpe:2.3:o:microsoft:windows_server,_version_1903:10.0.0:::::::*
microsoft	windows_10_2004	10.0.0	cpe:2.3:o:microsoft:windows_10_2004:10.0.0:::::::*