CVE-2020-1084

EUVD-2020-11974

21.05.2020, 23:15

A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values., aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1123.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 39%

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_10	-
microsoft	windows_10	-
microsoft	windows_server_2016	-
microsoft	windows_server_2019	-

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB4556826
1607 (x64, x86)	KB4556813
1709 (arm64, x64, x86)	KB4556812
1803 (arm64, x64, x86)	KB4556807
1809 (arm64, x64, x86)	KB4551853
1903 (arm64, x64, x86)	KB4556799
1909 (arm64, x64, x86)	KB4556799

Windows Server

1803 Server Core	KB4556807
1903 Server Core	KB4556799
1909 Server Core	KB4556799

Windows Server 2016

Server Core	KB4556813
Standard	KB4556813

Windows Server 2019

Server Core	KB4551853
Standard	KB4551853

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1084