← back
CVE-2020-1474

Windows Image Acquisition Service Information Disclosure Vulnerability

CVSS 7.8 HIGHEPSS 1.5%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Aug 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an authenticated attacker could connect an imaging device (camera, scanner, cellular phone) to an affected system and run a specially crafted application to disclose information. The security update addresses the vulnerability by correcting how the WIA Service handles objects in memory.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C