CVE-2020-1130

5 documents5 sources

Severity

6.6MEDIUM

EPSS

0.5%

top 34.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Visual Studio 2015 Update 3 Microsoft Microsoft Visual Studio 2017 Version 15.9 (includes 15.0 - 15.8)Microsoft Microsoft Visual Studio 2019 Version 16.0 +22 more

Timeline

PublishedSep 11

Latest updateMar 21

Description

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:LExploitability: 1.8 | Impact: 4.7

Affected Packages26 packages

▶CVEListV5microsoft/microsoft_visual_studio_2015_update_314.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1709_for_32-bit_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_arm64-based_systems10.0.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

dio vulnerable to CRLF injection with HTTP method string↗2023-03-21

▶

GHSA

GHSA-cvh4-vf6f-2qvj: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka 'Diagnostics Hub St↗2022-05-24

▶

CVEList

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability↗2020-09-11

▶

📋Vendor Advisories

Microsoft

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability↗2020-09-08

▶