CVE-2020-0621 Detail Current Description A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'.

View Analysis Description Analysis Description A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'. Severity CVSS Version 3.x CVSS Version 2.0



CVSS 3.x Severity and Metrics:

NIST: NVD Base Score: 4.4 MEDIUM Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS 2.0 Severity and Metrics:



NIST: NVD Base Score: 2.1 LOW Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N) Weakness Enumeration CWE-ID CWE Name Source CWE-613 Insufficient Session Expiration NIST Known Affected Software Configurations Switch to CPE 2.2 CPEs loading, please wait. Denotes Vulnerable Software

Are we missing a CPE here? Please let us know.

Change History 1 change records found show changes Initial Analysis 1/17/2020 1:24:28 PM Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*



Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:N/I:P/A:N)



Added CVSS V3.1 NIST AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N



Added CWE NIST CWE-613



Changed Reference Type https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621 No Types Assigned



https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621 Patch, Vendor Advisory



Quick Info CVE Dictionary Entry:

CVE-2020-0621

NVD Published Date:

01/14/2020

NVD Last Modified:

01/17/2020

Source:

MITRE

