CVE-2020-1082 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_10	-
microsoft	windows_server_2016	-
microsoft	windows_server_2019	-

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB4556826
1607 (x64, x86)	KB4556813
1709 (arm64, x64, x86)	KB4556812
1803 (arm64, x64, x86)	KB4556807
1809 (arm64, x64, x86)	KB4551853
1903 (arm64, x64, x86)	KB4556799
1909 (arm64, x64, x86)	KB4556799

Windows Server

1803 Server Core	KB4556807
1903 Server Core	KB4556799
1909 Server Core	KB4556799

Windows Server 2016

Server Core	KB4556813
Standard	KB4556813

Windows Server 2019

Server Core	KB4551853
Standard	KB4551853

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1082

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1082

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1082

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1082