CVE-2020-0899

4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 51.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Visual Studio 2017 Version 15.9 (includes 15.1 - 15.8)Microsoft Microsoft Visual Studio 2019 Microsoft Microsoft Visual Studio 2019 Version 16.4 (includes 16.0 - 16.3)+3 more

Timeline

PublishedApr 15

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDmicrosoft/visual_studio_201715.9

▶NVDmicrosoft/visual_studio_201916.0, 16.4, 16.5.0+2

▶CVEListV5microsoft/microsoft_visual_studio_201916.0

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.5unspecified

▶CVEListV5microsoft/microsoft_visual_studio_2017_version_15.9_(includes_15.1_-_15.8)unspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-j53q-vvgg-c52c: An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual↗2022-05-24

▶

CVEList

CVE-2020-0899: An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual↗2020-04-15

▶

📋Vendor Advisories

Microsoft

Microsoft Visual Studio Elevation of Privilege Vulnerability↗2020-04-14

▶