CVE-2020-16938 - An information disclosure vulnerability exists when the Windows kernel improperly handles objects

CVE-2020-16938

Summary

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16938

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 31-12-2023 - 20:15)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16938

Last major update

31-12-2023 - 20:15

Published

16-10-2020 - 23:15

Last modified

31-12-2023 - 20:15