Detections
Analytics
Windows Cloud Files Mini Filter Driver EoP (MiniPlasma) (Direct Check) (CVE-2020-17103)
high Nessus Plugin ID 316497
Language:
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Cloud Files Mini Filter Driver (cldflt.sys), known as MiniPlasma. An authenticated, local attacker can exploit this issue to elevate privileges to SYSTEM. Although Microsoft originally addressed this issue in December 2020, the fix has since regressed, and a publicly available proof-of-concept exploit demonstrates that the vulnerability is once again exploitable on currently patched hosts as of May 2026.Solution
Refer to Microsoft's advisory for current mitigation guidance and apply any security update once released.See Also
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17103
http://www.nessus.org/u?592b113a
Plugin Details
Severity: High
ID: 316497
File Name: windows_miniplasma_CVE-2020-17103.nbin
Version: 1.3
Type: Local
Agent: windows
Family: Windows
Published: 5/22/2026
Updated: 5/25/2026
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2020-17103
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Required KB Items: SMB/Registry/Enumerated, SMB/registry_full_access
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 12/8/2020
Vulnerability Publication Date: 12/8/2020
Reference Information
CVE: CVE-2020-17103
IAVA: 2020-A-0561-S, 2020-A-0562-S