Published: 10/12/2020 Updated: 30/12/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 10 1803
microsoft windows server 2019 -
microsoft windows 10 1809
microsoft windows server 2016 1903
microsoft windows 10 1903
microsoft windows server 2016 1909
microsoft windows 10 1909
microsoft windows server 2016 2004
microsoft windows 10 2004
microsoft windows server 2016 20h2
microsoft windows 10 20h2

This Metasploit module exploits a vulnerability in cldfltsys The Cloud Filter driver on Windows 10 v1803 and later, prior to the December 2020 updates, did not set the IO_FORCE_ACCESS_CHECK or OBJ_FORCE_ACCESS_CHECK flags when calling FltCreateFileEx() and FltCreateFileEx2() within its HsmpOpCreatePlaceholders() function with attacker controlled ...

CVE-2020-17136 exploit

CVE-2020-17136 CVE-2020-17136 exploit 参考 bugschromiumorg/p/project-zero/issues/detail?id=2082&q=CVE-2020-17136 rapid7/metasploit-framework#14585

NVD-CWE-noinfo https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17136 https://nvd.nist.gov https://github.com/xyddnljydd/CVE-2020-17136 https://packetstormsecurity.com/files/160919/Cloud-Filter-Arbitrary-File-Creation-Privilege-Escalation.html

CVE-2020-17136

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect