CVE-2020-1257

4 documents4 sources

Severity

7.8HIGH

EPSS

0.4%

top 40.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Visual Studio 2017 Microsoft Visual Studio 2019 Microsoft Microsoft Visual Studio +18 more

Timeline

PublishedJun 9

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages21 packages

▶NVDmicrosoft/visual_studio_201715.0 — 15.9

▶NVDmicrosoft/visual_studio_201916.0 — 16.6

▶CVEListV5microsoft/windows11 versions+10

▶NVDmicrosoft/windows4 versions+3

▶NVDmicrosoft/windows_107 versions+6

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-qf46-mccv-c8hv: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostic↗2022-05-24

▶

CVEList

CVE-2020-1257: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostic↗2020-06-09

▶

📋Vendor Advisories

Microsoft

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability↗2020-06-09

▶