How severe is CVE-2020-1571?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2020-1571?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2020-1571 - HIGH Severity | CVSS 7.8

Vulnerability Description

An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by ensuring Windows Setup properly handles permissions.

Related Vulnerabilities

CVE-2001-0497

HIGH

CVSS:7.8(High)

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which all...

CWE-2762001

CVE-2002-1844

HIGH

CVSS:7.8(High)

Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileg...

CWE-2762002

CVE-2005-1941

HIGH

CVSS:7.8(High)

SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.

CWE-2762005

CVE-2014-7302

HIGH

CVSS:7.8(High)

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.

CWE-2762014

CVE-2014-7303

HIGH

CVSS:7.8(High)

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc...

CWE-2762014

CVE-2015-7378

HIGH

CVSS:7.8(High)

Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_...

CWE-2762015