CVE-2020-0787

{"id": "CVE-2020-0787", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-03-12T16:15:15.203", "references": [{"url": "http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://packetstormsecurity.com/files/158056/Background-Intelligent-Transfer-Service-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0787", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0787", "tags": ["US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'."}, {"lang": "es", "value": "Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando el Windows Background Intelligent Transfer Service (BITS) maneja inapropiadamente los enlaces simb\u00f3licos, tambi\u00e9n se conoce como \"Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability\"."}], "lastModified": "2025-10-29T14:27:17.490", "cisaActionDue": "2022-07-28", "cisaExploitAdd": "2022-01-28", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "542DAEEC-73CC-46C6-A630-BF474A3446AC"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61019899-D7AF-46E4-A72C-D189180F66AB"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC160B20-3EA0-49A0-A857-4E7A1C2D74E2"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00345596-E9E0-4096-8DC6-0212F4747A13"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E332666-2E03-468E-BC30-299816D6E8ED"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A363CE8F-F399-4B6E-9E7D-349792F95DDB"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1B570A8-ED1A-46B6-B8AB-064445F8FC4C"}, {"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}, {"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37097C39-D588-4018-B94D-5EB87B1E3D5A"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_1903:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "530DF8C9-467C-4F4F-9FCA-CDD934BADF3C"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADE7E7B1-64AC-4986-A50B-0918A42C05BB"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability"}