| CVE-2020-1590 | Date: (C)2020-09-10 (M)2024-03-06 |
An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.
To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application.
The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations.
CVSS Score and Metrics +CVSS Score and Metrics -| CVSS V3 Severity: | CVSS V2 Severity: |
| CVSS Score : 6.6 | CVSS Score : 7.2 |
| Exploit Score: 1.8 | Exploit Score: 3.9 |
| Impact Score: 4.7 | Impact Score: 10.0 |
| |
| CVSS V3 Metrics: | CVSS V2 Metrics: |
| Attack Vector: LOCAL | Access Vector: LOCAL |
| Attack Complexity: LOW | Access Complexity: LOW |
| Privileges Required: LOW | Authentication: NONE |
| User Interaction: NONE | Confidentiality: COMPLETE |
| Scope: UNCHANGED | Integrity: COMPLETE |
| Confidentiality: HIGH | Availability: COMPLETE |
| Integrity: LOW | |
| Availability: LOW | |
| | |
