Attacker Value
Very Low
(1 user assessed)
Exploitability
Very Low
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2020-1296 Windows Diagnostics & feedback Information Disclosure Vulnerability

Disclosure Date: June 09, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability exists in the way the Windows Diagnostics & feedback settings app handles objects in memory, aka ‘Windows Diagnostics & feedback Information Disclosure Vulnerability’.

Add Assessment

1
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Very Low
Technical Analysis

This is more embarrassing for Microsoft than something to worry about from an attacker. I’m curious though what data folks didn’t expect Microsoft to get from something called ‘Windows Diagnostics and Feedback’. I always just assumed it was minidumps in the first place, so plenty was already disclosed. Tricky line to draw in the sand.

CVSS V3 Severity and Metrics
Base Score:
5.5 Medium
Impact Score:
3.6
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Vendors

  • microsoft

Products

  • windows 10 1809,
  • windows 10 1903,
  • windows 10 1909,
  • windows 10 2004,
  • windows server 2016 1903,
  • windows server 2016 1909,
  • windows server 2016 2004,
  • windows server 2019 -

Additional Info

Technical Analysis