CVE-2020-0986

HIGH

Description

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

References

http://packetstormsecurity.com/files/160698/Microsoft-Windows-splWOW64-Privilege-Escalation.html

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986

Details

Source: MITRE

Published: 2020-06-09

Updated: 2020-12-23

Type: CWE-269

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (9 total)

IDNameProductFamilySeverity
137304KB4557957: Windows 10 Version 2004 June 2020 Security UpdateNessusWindows : Microsoft Bulletins
high
137262KB4561673: Windows 8.1 and Windows Server 2012 R2 June 2020 Security UpdateNessusWindows : Microsoft Bulletins
high
137261KB4561649: Windows 10 June 2020 Security UpdateNessusWindows : Microsoft Bulletins
high
137259KB4561621: Windows 10 Version 1803 June 2020 Security UpdateNessusWindows : Microsoft Bulletins
high
137258KB4561616: Windows 10 Version 1607 and Windows Server 2016 June 2020 Security UpdateNessusWindows : Microsoft Bulletins
high
137257KB4561674: Windows Server 2012 June 2020 Security UpdateNessusWindows : Microsoft Bulletins
high
137256KB4561608: Windows 10 Version 1809 and Windows Server 2019 June 2020 Security UpdateNessusWindows : Microsoft Bulletins
high
137255KB4561602: Windows 10 Version 1709 June 2020 Security UpdateNessusWindows : Microsoft Bulletins
high
137254KB4560960: Windows 10 Version 1903 and Windows 10 Version 1909 June 2020 Security UpdateNessusWindows : Microsoft Bulletins
high