Published: 16/10/2020 Updated: 31/12/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by ensuring Windows Setup properly handles directories.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 10 1803
microsoft windows 10 1809
microsoft windows 10 1903
microsoft windows 10 1909
microsoft windows 10 2004

CVE-2020-1571 Windows Setup Elevation of Privileges Bypass 0day UPDATE: Microsoft has patched the bug in october 2020 patch and the following CVE was assigned CVE-2020-16908 Summary: Let's check out what did Microsoft about this vulnerability An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions A locally authenticated attacker

NVD-CWE-noinfo https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16908 https://nvd.nist.gov https://github.com/eduardoacdias/Windows-Setup-EoP

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-16908

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect