#VU25251 Security Features

Published: 2020-02-11

Vulnerability identifier: #VU25251

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0702


Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Microsoft Surface Hub
Server applications / Conferencing, Collaboration and VoIP solutions

Vendor: Microsoft

This vulnerability allows a local attacker to bypass security rescritions feature.

The vulnerability exists in Surface Hub when prompting for credentials. An attacker with physical access can access settings which are restricted to Administrators.

Install updates from vendor's website.

Vulnerable software versions

Microsoft Surface Hub: All versions


External links

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability