Lucene search

[email protected]NVD:CVE-2020-1337

HistoryAug 17, 2020 - 7:15 p.m.

CVE-2020-1337

2020-08-1719:15:14

CWE-367

[email protected]

web.nvd.nist.gov

windows print spooler

privilege escalation

arbitrary code

file system

vulnerability

windows update

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.005

Percentile

76.9%

JSON

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.
The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.

Affected configurations

Nvd

Node

microsoftwindows_10Match-

microsoftwindows_10Match1607

microsoftwindows_10Match1709

microsoftwindows_10Match1803

microsoftwindows_10Match1809

microsoftwindows_10Match1903

microsoftwindows_10Match1909

microsoftwindows_10Match2004

microsoftwindows_7Matchsp1

microsoftwindows_8.1Match-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

microsoftwindows_server_2016Match-

microsoftwindows_server_2016Match1903

microsoftwindows_server_2016Match1909

microsoftwindows_server_2016Match2004

microsoftwindows_server_2019Match-

VendorProductVersionCPE
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
microsoftwindows_101709cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
microsoftwindows_101803cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
microsoftwindows_101809cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
microsoftwindows_101903cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
microsoftwindows_101909cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
microsoftwindows_102004cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
microsoftwindows_7sp1cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*
microsoftwindows_8.1-cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_10	-	cpe:2.3:o:microsoft:windows_10:-:::::::*
microsoft	windows_10	1607	cpe:2.3:o:microsoft:windows_10:1607:::::::*
microsoft	windows_10	1709	cpe:2.3:o:microsoft:windows_10:1709:::::::*
microsoft	windows_10	1803	cpe:2.3:o:microsoft:windows_10:1803:::::::*
microsoft	windows_10	1809	cpe:2.3:o:microsoft:windows_10:1809:::::::*
microsoft	windows_10	1903	cpe:2.3:o:microsoft:windows_10:1903:::::::*
microsoft	windows_10	1909	cpe:2.3:o:microsoft:windows_10:1909:::::::*
microsoft	windows_10	2004	cpe:2.3:o:microsoft:windows_10:2004:::::::*
microsoft	windows_7	sp1	cpe:2.3:o:microsoft:windows_7:sp1:::::::*
microsoft	windows_8.1	-	cpe:2.3:o:microsoft:windows_8.1:-:::::::*