CVE-2020-1112

CRITICAL

Microsoft Windows 10 - Unrestricted File Upload

Title source: rule

Description

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1112

Scores

CVSS v3 9.9

EPSS 0.0137

EPSS Percentile 80.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (16)

microsoft/windows_10 (2 CPE variants)

microsoft/windows_10 1607 (2 CPE variants)

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_10 1909

microsoft/windows_7 (2 CPE variants)

microsoft/windows_8.1 (2 CPE variants)

microsoft/windows_rt_8.1

... and 6 more

Published May 21, 2020

Tracked Since Feb 18, 2026