CVE-2020-1416

CVE Database · CVE-2020-1416

CVE-2020-1416

· HIGHModified

CVSS v3.1

8.8

EPSS

5.86%

Published

Jul 14, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-269

Affected Products (7)

microsoft · azure_storage_explorervulnerable

microsoft · typescriptvulnerable

microsoft · visual_studio_2017 (up to 15.9.25)vulnerable

microsoft · visual_studio_2019 (up to 16.0.16)vulnerable

microsoft · visual_studio_2019 (up to 16.4.11)vulnerable

microsoft · visual_studio_2019 (up to 16.6.4)vulnerable

microsoft · visual_studio_code (up to 1.47.1)vulnerable

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs