CVE-2020-1416

CVE

High

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual St…

CVSS

8.8

High

EPSS

0.06

p92

Published

2020-01-01

Updated

2020-01-01

Description

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.

Tags · CWE

Pre-auth

CWE-269

CAPEC-58

CAPEC-122

CAPEC-233

Affected products

Azure_storage_explorerTypescriptVisual_studio_2017 15.0–15.9.25Visual_studio_2019 16.0–16.0.16Visual_studio_2019 16.1–16.4.11Visual_studio_2019 16.5–16.6.4Visual_studio_code < 1.47.1

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

2020-01-01

Published

2020-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.059 · p92

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1548Abuse Elevation Control Mechanism

└ via CAPEC-122 · CWE-269

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Microsoft

Visual Studio Code Visual Studio 2019 Visual Studio 2017 Azure Storage Explorer Typescript

Product	Vendor	Status
azure_storage_explorer	*	Tracked
typescript	*	Tracked
visual_studio_2017	*	Tracked
visual_studio_2019	*	Tracked
visual_studio_code	*	Tracked

Source databases

CVE

Related vulnerabilities

BDU:2020-03483