CVE-2020-1548 | Date: (C)2020-08-12 (M)2024-04-23 |
An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to improperly disclose memory.
The security update addresses the vulnerability by correcting how the Windows WaasMedic Service handles memory.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 7.8 | CVSS Score : 2.1 |
Exploit Score: 1.8 | Exploit Score: 3.9 |
Impact Score: 5.9 | Impact Score: 2.9 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: LOCAL | Access Vector: LOCAL |
Attack Complexity: LOW | Access Complexity: LOW |
Privileges Required: LOW | Authentication: NONE |
User Interaction: NONE | Confidentiality: PARTIAL |
Scope: UNCHANGED | Integrity: NONE |
Confidentiality: HIGH | Availability: NONE |
Integrity: HIGH | |
Availability: HIGH | |
| |