{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T12:16:13.804","vulnerabilities":[{"cve":{"id":"CVE-2020-0638","sourceIdentifier":"secure@microsoft.com","published":"2020-01-14T23:15:32.503","lastModified":"2025-10-29T14:33:40.940","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'."},{"lang":"es","value":"Se presenta una vulnerabilidad de elevación de privilegios en la manera en que el Update Notification Manager maneja los archivos. Para explotar esta vulnerabilidad, un atacante primero tendría que conseguir una ejecución sobre el sistema víctima, también se conoce como \"Update Notification Manager Elevation of Privilege Vulnerability\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2022-05-23","cisaActionDue":"2022-06-13","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Microsoft Update Notification Manager Privilege Escalation Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:arm64:*","matchCriteriaId":"555C22C7-356D-4DA7-8CED-DA7423BBC6CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:*","matchCriteriaId":"469F95D3-ABBB-4F1A-A000-BE0F6BD60FF6"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:*","matchCriteriaId":"40151476-C0FD-4336-8194-039E8827B7C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*","matchCriteriaId":"D82F8AF7-ED01-4649-849E-F248F0E02384"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*","matchCriteriaId":"73D24713-D897-408D-893B-77A61982597D"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*","matchCriteriaId":"306B7CE6-8239-4AED-9ED4-4C9F5B349F58"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*","matchCriteriaId":"345FCD64-D37B-425B-B64C-8B1640B7E850"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:arm64:*","matchCriteriaId":"9E1ED169-6F03-4BD5-B227-5FA54DB40AD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x64:*","matchCriteriaId":"5C5B5180-1E12-45C2-8275-B9E528955307"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x86:*","matchCriteriaId":"B6A0DB01-49CB-4445-AFE8-57C2186857BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:arm64:*","matchCriteriaId":"9285A9B5-4759-43E7-9589-CDBCA7100605"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:x64:*","matchCriteriaId":"0D77EA14-F61D-4B9E-A385-70B88C482116"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:x86:*","matchCriteriaId":"1A6FC9EE-D486-4AFE-A20E-4278468A1779"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*","matchCriteriaId":"37097C39-D588-4018-B94D-5EB87B1E3D5A"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_1903:-:*:*:*:*:*:*:*","matchCriteriaId":"530DF8C9-467C-4F4F-9FCA-CDD934BADF3C"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:*","matchCriteriaId":"ADE7E7B1-64AC-4986-A50B-0918A42C05BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*","matchCriteriaId":"DB79EE26-FC32-417D-A49C-A1A63165A968"}]}]}],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0638","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}