Main Vulnerability Database SB2020051916

SB2020051916 - Information disclosure in Microsoft Windows

Published: May 19, 2020

Security Bulletin ID SB2020051916

CSH Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Information disclosure (CVE-ID: N/A)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists within the handling of WLAN connection profiles in Microsoft Windows. A local user can create a malicious profile and disclose credentials for the machine account. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of an administrator.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.zerodayinitiative.com/advisories/ZDI-20-666/