CVE-2020-16995 - An elevation of privilege vulnerability exists in Network Watcher Agent virtual machine extension

CVE-2020-16995

Summary

An elevation of privilege vulnerability exists in Network Watcher Agent virtual machine extension for Linux. An attacker who successfully exploited this vulnerability could execute code with elevated privileges. To exploit this vulnerability, an attacker would have to be present as a user on the affected virtual machine. The security update addresses this vulnerability by correcting how Network Watcher Agent virtual machine extension for Linux executes with elevated privileges.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16995

Vulnerable Configurations

cpe:2.3:a:microsoft:network_watcher_agent:-:*:*:*:*:linux:*:*
cpe:2.3:a:microsoft:network_watcher_agent:-:*:*:*:*:linux:*:*

CVSS

Base:	7.2 (as of 31-12-2023 - 20:16)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16995

Last major update

31-12-2023 - 20:16

Published

16-10-2020 - 23:15

Last modified

31-12-2023 - 20:16