CVE-2020-1509: Improper Privilege Management in Microsoft Windows 10 Version 1507

Severity: 8.8 HIGH (NVD), 7.8 (CNA)
EPSS: 6.8% (top 8.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 17; Latest update May 24

Description

An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 19 packages

CVEListV5 | microsoft/windows_8.1 | 6.3.0 | publication

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-mxf8-c4gw-pc7v: An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specia | 2022-05-24
CVEList | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | 2020-08-17

📋 Vendor Advisories (1)

Microsoft | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | 2020-08-11

💬 Community (3)

Bugzilla | CVE-2020-2778 OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) | 2020-04-14
Bugzilla | CVE-2020-2816 OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) | 2020-04-14
Bugzilla | CVE-2020-2767 OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) | 2020-04-14