CVE-2020-0638

high

Description

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'.

References

https://www.tenable.com/blog/contileaks-chats-reveal-over-30-vulnerabilities-used-by-conti-ransomware-affiliates

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638

Details

Source: Mitre, NVD

Published: 2020-01-14

Updated: 2021-07-21

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High