CVE-2020-0810

4 documents4 sources

Severity

7.8HIGH

EPSS

0.4%

top 39.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Visual Studio 2017 Microsoft Visual Studio 2019 Microsoft Microsoft Visual Studio +13 more

Timeline

PublishedMar 12

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system.An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual S…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages16 packages

▶NVDmicrosoft/visual_studio_201715.1 — 15.9

▶NVDmicrosoft/visual_studio_201916.0 — 16.4

▶CVEListV5microsoft/microsoft_visual_studio2015 Update 3

▶CVEListV5microsoft/microsoft_visual_studio_201916.0

▶CVEListV5microsoft/microsoft_visual_studio_2017_version_15.9_(includes_15.1_-_15.8)unspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-w654-3fww-qw57: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creatio↗2022-05-24

▶

CVEList

CVE-2020-0810: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creatio↗2020-03-12

▶

📋Vendor Advisories

Microsoft

Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability↗2020-03-10

▶