7.8

CVE-2020-1021

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1082, CVE-2020-1088.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 Version-
MicrosoftWindows 10 Version1607
MicrosoftWindows 10 Version1709
MicrosoftWindows 10 Version1803
MicrosoftWindows 10 Version1809
MicrosoftWindows 10 Version1903
MicrosoftWindows 10 Version1909
MicrosoftWindows Server 2016 Version1903
MicrosoftWindows Server 2016 Version1909
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.452
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.