Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11998
HistoryNov 10, 2020 - 12:00 a.m.

KLA11998 Multiple vulnerabilities in Microsoft Developer Tools

2020-11-1000:00:00
Kaspersky Lab
threats.kaspersky.com
10

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

84.8%

JSON

Detect date:

11/10/2020

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.

Affected products:

Microsoft Visual Studio 2019 version 16.8
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Azure DevOps Server 2019 Update 1.1
Visual Studio Code
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2020-1325
CVE-2020-17100
CVE-2020-17104

Impacts:

ACE

Related products:

Microsoft Visual Studio

CVE-IDS:

CVE-2020-13255.4High
CVE-2020-171005.5High
CVE-2020-171047.8Critical

Microsoft official advisories:

Related

nessus 3
mscve 3
cve 3
prion 3
nessus
nessus
Security Update for Microsoft Visual Studio Code JSHint Extension (August 2020)
2020-11-11 00:00:00
Security Updates for Microsoft Visual Studio Products (November 2020)
2020-11-10 00:00:00
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (December 2020)
2020-12-08 00:00:00
mscve
mscve
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
2020-11-10 08:00:00
Visual Studio Tampering Vulnerability
2020-11-10 08:00:00
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
2020-11-10 08:00:00
cve
cve
CVE-2020-17104
2020-11-11 07:15:00
CVE-2020-17100
2020-11-11 07:15:00
CVE-2020-1325
2020-11-11 07:15:00
prion
prion
Remote code execution
2020-11-11 07:15:00
Spoofing
2020-11-11 07:15:00
Spoofing
2020-11-11 07:15:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

84.8%

JSON
Related for KLA11998
nessus3mscve3cve3prion3