VDB

CVE-2020-0899

CVE-2020-0899 PUBLISHED CVSS 5.5 MEDIUM

An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.

EPSS 0.25% · 48.3th percentile

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.25%
48.3th percentile

Affected Products

VendorProductVersions
MicrosoftMicrosoft Visual Studio 2019 version 16.5*
MicrosoftMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)unspecified
MicrosoftMicrosoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)*
MicrosoftN/A
microsoftvisual_studio_201715.9
microsoftvisual_studio_201916.5.0, 16.4, 16.0
MicrosoftMicrosoft Visual Studio 201916.0

Exploit Intelligence

Timeline

  • Apr 15, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›