CVE-2019-1378

CVE Database · CVE-2019-1378

CVE-2019-1378

· HIGHModified

CVSS v3.1

7.8

EPSS

1.22%

Published

Oct 10, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-732

Affected Products (1)

microsoft · windows_10_update_assistantvulnerable

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1378

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1378

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs