CVE-2020-0838
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/09/2020
Last modified:
31/12/2023
Description
An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.<br />
To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.<br />
The security update addresses the vulnerability by correcting how NTFS checks access.<br />
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:* | ||
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:* | ||
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:* | ||
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:* | ||
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* | ||
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:* | ||
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:* | ||
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* | ||
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:* | ||
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:* | ||
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:* | ||
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:* | ||
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:* | ||
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:* |
To consult the complete list of CPE names with products and versions, see this page