Main Vulnerability Database Vulnerabilities #VU25251

Security Features in Microsoft Surface Hub - CVE-2020-0702

Published: February 11, 2020

Vulnerability identifier: #VU25251

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-0702

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft Surface Hub

Detailed vulnerability description

This vulnerability allows a local attacker to bypass security rescritions feature.

The vulnerability exists in Surface Hub when prompting for credentials. An attacker with physical access can access settings which are restricted to Administrators.

How to mitigate CVE-2020-0702

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0702

Security Features in Microsoft Surface Hub - CVE-2020-0702

Detailed vulnerability description

How to mitigate CVE-2020-0702

Sources

Please verify you're human