CVE-2020-1598Improper Privilege Management in Microsoft Windows 10 Version 1507

CWE-269Improper Privilege ManagementCWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
7.8HIGHNVD
CNA6.1
EPSS
1.1%
top 22.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
22
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1709+19 more
Timeline
PublishedSep 11
Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or ap

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages23 packages

CVEListV5microsoft/windows_7_service_pack_16.1.0publication
CVEListV5microsoft/windows_server_2008_service_pack_26.0.0publication
CVEListV5microsoft/windows_server_2008_r2_service_pack_16.1.0publication+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-3qjh-mq2f-vcvc: An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Wind2022-05-24
GHSA
Redgate SQL Change Automation Plugin stored credentials in plain text2022-05-24
CVEList
Windows UPnP Service Elevation of Privilege Vulnerability2020-09-11

📋Vendor Advisories

1
Microsoft
Windows UPnP Service Elevation of Privilege Vulnerability2020-09-08
CVE-2020-1598 — Improper Privilege Management | cvebase