CVE-2020-1578

Опубликовано: 17 авг. 2020

Источник: nvd

CVSS3: 4.7

CVSS2: 1.9

EPSS Низкий

Описание

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1578
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1578
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00378

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-1578

CVSS3: 5.5

msrc

около 5 лет назад

Windows Kernel Information Disclosure Vulnerability

GHSA-gvwc-32h3-8jq6

CVSS3: 4.7

github

больше 3 лет назад

BDU:2020-04064

CVSS3: 4.7

fstec

около 5 лет назад

Уязвимость ядра операционной системы Windows, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 59%

0.00378

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

NVD-CWE-noinfo