CVE-2020-1002

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.

Published at
2020-04-15T15:15Z
1560 days ago
Modified
2021-09-09T13:33Z
1049 days ago
NVD-CWE-noinfo
Problem type

Impact

CVSS v3 vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Severity Score Vector

7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

References


URLType
N/A
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002
N/A

GET https://vulnerabilitydata.com/api/details/CVE-2020-1002

{
	"id": "CVE-2020-1002",
	"published_date": "2020-04-15T15:15Z",
	"last_modified_date": "2021-09-09T13:33Z",
	"assigner": "secure@microsoft.com",
	"description": "An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.",
	"references": [
		{
			"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1002",
			"name": "N/A",
			"refsource": "N/A",
			"tags": [
				"Patch",
				"Vendor Advisory"
			]
		}
	],
	"impact": {
		"baseMetricV3": {
			"cvssV3": {
				"version": "3.1",
				"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
				"attackVector": "LOCAL",
				"attackComplexity": "LOW",
				"privilegesRequired": "LOW",
				"userInteraction": "NONE",
				"scope": "UNCHANGED",
				"confidentialityImpact": "NONE",
				"integrityImpact": "HIGH",
				"availabilityImpact": "HIGH",
				"baseScore": 7.1,
				"baseSeverity": "HIGH"
			},
			"exploitabilityScore": 1.8,
			"impactScore": 5.2
		},
		"baseMetricV2": {
			"cvssV2": {
				"version": "2.0",
				"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
				"accessVector": "LOCAL",
				"accessComplexity": "LOW",
				"authentication": "NONE",
				"confidentialityImpact": "NONE",
				"integrityImpact": "COMPLETE",
				"availabilityImpact": "COMPLETE",
				"baseScore": 6.6
			},
			"severity": "MEDIUM",
			"exploitabilityScore": 3.9,
			"impactScore": 9.2,
			"acInsufInfo": false,
			"obtainAllPrivilege": false,
			"obtainUserPrivilege": false,
			"obtainOtherPrivilege": false,
			"userInteractionRequired": false
		}
	},
	"problem_type": "NVD-CWE-noinfo"
}