← back
CVE-2020-1066

CVE-2020-1066

EPSS 2.3%◆ VulnCheck KEV
Vexday Risk Score
45Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS EPSS 2.3%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
21 May 2020Published on NVD
01 Jun 2020Public PoC
Weaponization speed
10 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'.
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.