← voltar
CVE-2020-1509

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 3.3%
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.8EPSS 3.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
17 ago 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the target system's LSASS service. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C