CVE-2020-1393

4 documents4 sources

Severity

7.8HIGH

EPSS

0.3%

top 47.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Visual Studio 2017 Microsoft Visual Studio 2019 Microsoft Microsoft Visual Studio +18 more

Timeline

PublishedJul 14

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages21 packages

▶CVEListV5microsoft/windows13 versions+12

▶NVDmicrosoft/windows1903, 1909, 2004+2

▶NVDmicrosoft/windows_107 versions+6

▶CVEListV5microsoft/windows_server4 versions+3

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-fx28-fjmc-jx5r: An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading t↗2022-05-24

▶

CVEList

CVE-2020-1393: An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading t↗2020-07-14

▶

📋Vendor Advisories

Microsoft

Windows Diagnostics Hub Elevation of Privilege Vulnerability↗2020-07-14

▶