
OpenSSH for Windows Elevation of Privilege Vulnerability - CVE-2020-1292

oval:org.cisecurity:def:7749

An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings. An attacker who successfully exploited this vulnerability could replace the shell with a malicious binary. To exploit this vulnerability, an authenticated attacker would need to modify the OpenSSH for Windows configuration on a vulnerable system. The attacker would then need to convince a user to connect to the vulnerable OpenSSH for Windows server. The update addresses the vulnerability by restricting access to OpenSSH for Windows configuration settings.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2019
  • Microsoft Windows 10
Class:
vulnerability
Reference(s):
  • CVE-2020-1292
  • MSRC-CVE-2020-1292
  • KB4561621
  • KB4561608
  • KB4560960
Product(s):