TROYANOSYVIRUS
Voltar para CVEs

CVE-2020-0787

HIGHCISA KEV
7.8

Descricao

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

Detalhes CVE

Pontuacao CVSS v3.17.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado3/12/2020
Ultima modificacao10/29/2025
Fontekev
Avistamentos honeypot0

CISA KEV

FornecedorMicrosoft
ProdutoWindows
Nome da vulnerabilidadeMicrosoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability
Data inclusao KEV2022-01-28
Prazo de remediacao2022-07-28
Uso em ransomwareKnown

Produtos afetados

microsoft:windows_10_1507microsoft:windows_10_1607microsoft:windows_10_1709microsoft:windows_10_1803microsoft:windows_10_1809microsoft:windows_10_1903microsoft:windows_10_1909microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_1803microsoft:windows_server_1903microsoft:windows_server_1909microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016microsoft:windows_server_2019

Fraquezas (CWE)

CWE-59CWE-59

Referencias

http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787(secure@microsoft.com)
http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0787(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.