CVE-2020-1199 — Improper Privilege Management in Microsoft Windows

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 49.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Microsoft Windows 10 Version 1809 FOR Hololens Microsoft Windows 10 Version 1903 FOR Hololens +4 more

Timeline

PublishedJun 9

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the Windows Feedback Hub improperly handles objects in memory, aka 'Windows Feedback Hub Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5microsoft/windows10 Version 1709 for x64-based Systems, 10 Version 1803 for x64-based Systems, 10 Version 1809 for x64-based Systems+2

▶NVDmicrosoft/windows_105 versions+4

▶CVEListV5microsoft/windows_10_version_1809_for_hololensunspecified

▶CVEListV5microsoft/windows_10_version_1903_for_hololensunspecified

▶CVEListV5microsoft/windows_10_version_2004_for_hololensunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-2h94-9rvm-hrqh: An elevation of privilege vulnerability exists when the Windows Feedback Hub improperly handles objects in memory, aka 'Windows Feedback Hub Elevation↗2022-05-24

▶

CVEList

CVE-2020-1199: An elevation of privilege vulnerability exists when the Windows Feedback Hub improperly handles objects in memory, aka 'Windows Feedback Hub Elevation↗2020-06-09

▶

📋Vendor Advisories

Microsoft

Windows Feedback Hub Elevation of Privilege Vulnerability↗2020-06-09

▶