CVE-2020-1170

An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:microsoft:forefront_endpoint_protection_2010:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*

History

21 Nov 2024, 05:09

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/160919/Cloud-Filter-Arbitrary-File-Creation-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/160919/Cloud-Filter-Arbitrary-File-Creation-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry
References () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1170 - Patch, Vendor Advisory () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1170 - Patch, Vendor Advisory

Information

Published : 2020-06-09 20:15

Updated : 2024-11-21 05:09


NVD link : CVE-2020-1170

Mitre link : CVE-2020-1170

CVE.ORG link : CVE-2020-1170


JSON object : View

Products Affected

microsoft

  • windows_server_2008
  • windows_7
  • windows_8.1
  • windows_rt_8.1
  • security_essentials
  • windows_server_2016
  • windows_defender
  • windows_server_2019
  • windows_server_2012
  • system_center_endpoint_protection
  • windows_10
  • forefront_endpoint_protection_2010
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource