PT-2020-2828 · Microsoft · Connected User Experiences/Telemetry Service+1

Edwardzpeng

Published

2020-05-12

Updated

2021-07-21

CVE-2020-1084

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Connected User Experiences and Telemetry Service (affected versions not specified)

Description A Denial Of Service issue exists due to the Connected User Experiences and Telemetry Service's failure to properly validate certain function values. An attacker who successfully exploits this could deny dependent security feature functionality. To exploit, an attacker must log on to an affected system and run a specially crafted application. The issue is related to insufficient permission validation for a critical resource.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Incorrect Permission

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732CWE-20

Related Identifiers

BDU:2020-02982

CVE-2020-1084

Affected Products

Connected User Experiences/Telemetry Service

Windows

PT-2020-2828 · Microsoft · Connected User Experiences/Telemetry Service+1

CVE-2020-1084

Weakness Enumeration

Related Identifiers

Affected Products

References · 6