CVE-2020-1699011.11.2020, 07:15Azure Sphere Information Disclosure VulnerabilityEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST6.2 MEDIUMLOCALLOWNONECVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NmicrosoftCNA6.2 MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CCVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 65%VendorProductVersionmicrosoftazure_sphere𝑥< 20.07𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Referenceshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16990https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1089https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16990https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1089