Lucene search

MicrosoftMS:CVE-2020-0702

HistoryFeb 11, 2020 - 8:00 a.m.

Surface Hub Security Feature Bypass Vulnerability

2020-02-1108:00:00

Microsoft

msrc.microsoft.com

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

29.8%

JSON

A security feature bypass vulnerability exists in Surface Hub when prompting for credentials. Successful exploitation of the vulnerability could allow an attacker to access settings which are restricted to Administrators.

To exploit the vulnerability, an attacker would need to have physical access to a Surface Hub.

The update addresses the vulnerability by correcting how credentials are validated when accessing restricted settings.

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

29.8%

JSON

Related for MS:CVE-2020-0702