CVE-2020-1293

5 documents5 sources
Severity
7.8HIGH
EPSS
0.4%
top 40.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
21
Microsoft Visual Studio 2017Microsoft Visual Studio 2019Microsoft Microsoft Visual Studio+18 more
Timeline
PublishedJun 9
Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages21 packages

NVDmicrosoft/visual_studio_201715.015.9
NVDmicrosoft/visual_studio_201916.016.6
CVEListV5microsoft/windows11 versions+10
NVDmicrosoft/windows4 versions+3
NVDmicrosoft/windows_107 versions+6

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-vxcm-74px-9fvc: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostic2022-05-24
CVEList
CVE-2020-1293: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostic2020-06-09

📋Vendor Advisories

1
Microsoft
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability2020-06-09

💬Community

1
Bugzilla
CVE-2020-14983 chocolate-doom: malicious user can overwrite the server's stack leads to DoS2020-06-30
CVE-2020-1293 (HIGH CVSS 7.8) | An elevation of privilege vulnerabi | cvebase.io