Vulnerability Details : CVE-2020-1538

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1519.

Vulnerability category: Gain privilege

Published 2020-08-17 19:15:19

Updated 2021-07-21 11:39:24

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-1538

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-1538

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	nvd@nist.gov
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	nvd@nist.gov
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2020-1538

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1538

CVE-2020-1538 | Windows UPnP Device Host Elevation of Privilege Vulnerability
Patch;Vendor Advisory

Products affected by CVE-2020-1538

Microsoft » Windows Server 2008 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: N/A For X64
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 » Version: N/A For X86
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 » Version: 1607 For X64
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 » Version: 1607 For X86
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 » Version: 1709
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1803
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1903
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1909
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 2004
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 1903
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 1909
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 2004
cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Matching versions