CVE-2020-1202

4 documents4 sources
Severity
7.8HIGH
EPSS
0.4%
top 41.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
21
Microsoft Visual Studio 2017Microsoft Visual Studio 2019Microsoft Microsoft Visual Studio+18 more
Timeline
PublishedJun 9
Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages21 packages

NVDmicrosoft/visual_studio_201715.015.9
NVDmicrosoft/visual_studio_201916.016.6
CVEListV5microsoft/microsoft_visual_studio2015 Update 3

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-667c-hxc9-rgpc: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly ha2022-05-24
CVEList
CVE-2020-1202: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly ha2020-06-09

📋Vendor Advisories

1
Microsoft
Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability2020-06-09
CVE-2020-1202 (HIGH CVSS 7.8) | An elevation of privilege vulnerabi | cvebase.io