CVE-2020-16995 - OpenCVE

<p>An elevation of privilege vulnerability exists in Network Watcher Agent virtual machine extension for Linux. An attacker who successfully exploited this vulnerability could execute code with elevated privileges.</p> <p>To exploit this vulnerability, an attacker would have to be present as a user on the affected virtual machine.</p> <p>The security update addresses this vulnerability by correcting how Network Watcher Agent virtual machine extension for Linux executes with elevated privileges.</p>

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Network Watcher Agent

Configuration 1 [-]

cpe:2.3:a:microsoft:network_watcher_agent:-:*:*:*:*:linux:*:*

No data.

References

Link	Providers
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16995

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2020-10-16T22:18:11

Updated: 2024-08-04T13:45:34.871Z

Reserved: 2020-08-04T00:00:00

Link: CVE-2020-16995

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-10-16T23:15:17.290

Modified: 2023-12-31T20:16:01.050

Link: CVE-2020-16995

Redhat

No data.

{"containers": {"cna": {"title": "Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability", "datePublic": "2020-10-13T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Network Watcher Agent virtual machine extension for Linux", "cpes": ["cpe:2.3:a:microsoft:network_watcher_agent:-:*:*:*:*:linux:*:*"], "platforms": ["Unknown"], "versions": [{"version": "0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "<p>An elevation of privilege vulnerability exists in Network Watcher Agent virtual machine extension for Linux. An attacker who successfully exploited this vulnerability could execute code with elevated privileges.</p>\n<p>To exploit this vulnerability, an attacker would have to be present as a user on the affected virtual machine.</p>\n<p>The security update addresses this vulnerability by correcting how Network Watcher Agent virtual machine extension for Linux executes with elevated privileges.</p>\n", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2023-12-31T19:20:01.291Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16995"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:45:34.871Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16995"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-16995", "datePublished": "2020-10-16T22:18:11", "dateReserved": "2020-08-04T00:00:00", "dateUpdated": "2024-08-04T13:45:34.871Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:network_watcher_agent:-:*:*:*:*:linux:*:*", "matchCriteriaId": "E063686E-F723-45EF-A025-73E1A2B49F73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "<p>An elevation of privilege vulnerability exists in Network Watcher Agent virtual machine extension for Linux. An attacker who successfully exploited this vulnerability could execute code with elevated privileges.</p>\n<p>To exploit this vulnerability, an attacker would have to be present as a user on the affected virtual machine.</p>\n<p>The security update addresses this vulnerability by correcting how Network Watcher Agent virtual machine extension for Linux executes with elevated privileges.</p>\n"}, {"lang": "es", "value": "Se presenta una vulnerabilidad de escalada de privilegios en la extensi\u00f3n de m\u00e1quina virtual de Network Watcher Agent para Linux, tambi\u00e9n se conoce como \"Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability\""}], "id": "CVE-2020-16995", "lastModified": "2023-12-31T20:16:01.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2020-10-16T23:15:17.290", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16995"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}