CVE-2020-0676 Information

Description

An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory. aka ‘Windows Key Isolation Service Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2020-0675 CVE-2020-0677 CVE-2020-0748 CVE-2020-0755 CVE-2020-0756.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0676

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5