← back
CVE-2020-1509

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 3.3%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 3.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Aug 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C