An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Jul 2024, 16:47
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:* |
cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_1903:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:* |
| CWE | ||
| First Time |
Microsoft windows 10 1909
Microsoft windows 10 1803 Microsoft windows 10 1507 Microsoft windows 10 1709 Microsoft windows Server 1903 Microsoft windows Server 1909 Microsoft windows 10 1809 Microsoft windows Server 1803 Microsoft windows 10 1607 Microsoft windows 10 1903 |
|
| References | () http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry |
12 Jul 2022, 17:42
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-59 |
Information
Published : 2020-03-12 16:15
Updated : 2024-07-24 16:47
NVD link : CVE-2020-0787
Mitre link : CVE-2020-0787
CVE.ORG link : CVE-2020-0787
JSON object : View
Products Affected
microsoft
- windows_10_1903
- windows_10_1803
- windows_10_1909
- windows_8.1
- windows_server_2012
- windows_server_2016
- windows_10_1507
- windows_7
- windows_10_1709
- windows_10_1809
- windows_server_1803
- windows_server_1903
- windows_10_1607
- windows_server_2019
- windows_server_2008
- windows_server_1909
- windows_rt_8.1
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')