9.9

CVE-2020-1112

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 Version- HwPlatformx64
MicrosoftWindows 10 Version- HwPlatformx86
MicrosoftWindows 10 Version1607 HwPlatformx64
MicrosoftWindows 10 Version1607 HwPlatformx86
MicrosoftWindows 10 Version1709
MicrosoftWindows 10 Version1803
MicrosoftWindows 10 Version1809
MicrosoftWindows 10 Version1903
MicrosoftWindows 10 Version1909
MicrosoftWindows 7 Version- Updatesp1 HwPlatformx64
MicrosoftWindows 7 Version- Updatesp1 HwPlatformx86
MicrosoftWindows 8.1 Version- HwPlatformx64
MicrosoftWindows 8.1 Version- HwPlatformx86
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformitanium
MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx64
MicrosoftWindows Server 2008 Version- Updatesp2 HwPlatformx86
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.37% 0.796
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.9 3.1 6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.