7.8

CVE-2020-0638

Warning

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows 10 1709 Version- HwPlatformarm64
MicrosoftWindows 10 1709 Version- HwPlatformx64
MicrosoftWindows 10 1803 Version- HwPlatformarm64
MicrosoftWindows 10 1803 Version- HwPlatformx64
MicrosoftWindows 10 1809 Version- HwPlatformarm64
MicrosoftWindows 10 1809 Version- HwPlatformx64
MicrosoftWindows 10 1809 Version- HwPlatformx86
MicrosoftWindows 10 1903 Version- HwPlatformarm64
MicrosoftWindows 10 1903 Version- HwPlatformx64
MicrosoftWindows 10 1903 Version- HwPlatformx86
MicrosoftWindows 10 1909 Version- HwPlatformarm64
MicrosoftWindows 10 1909 Version- HwPlatformx64
MicrosoftWindows 10 1909 Version- HwPlatformx86

23.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Update Notification Manager Privilege Escalation Vulnerability

Vulnerability

Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 7.85% 0.916
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.