CVE-2020-3427 (CNNVD-202010-633)
中文标题:
Microsoft Windows 安全漏洞
英文标题:
Duo Authentication for Windows Logon and RDP Privilege Escalation Vulnerability
漏洞描述
中文描述:
Microsoft Windows是美国微软(Microsoft)公司的一种桌面操作系统。 Duo Authentication Windows Logon 和 RDP implementation存在安全漏洞,该漏洞源于在实现的双重身份验证中存在特权升级漏洞。本地攻击者可利用该漏洞覆盖特权目录中的文件。
英文描述:
The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. Note that this can only exploitable during new installations while the installer is running and is not exploitable once installation is finished. Versions 4.1.2 of Windows Logon addresses this issue.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Duo Authentication for Windows Logon and RDP | - | < 4.1.2 | - |
cpe:2.3:a:cisco:duo_authentication_for_windows_logon_and_rdp:*:*:*:*:*:*:*:*
|
| cisco | duo_authentication_for_windows_logon_and_rdp | * | - | - |
cpe:2.3:a:cisco:duo_authentication_for_windows_logon_and_rdp:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2020-3427 |
2025-11-11 15:20:37 | 2025-11-11 07:36:19 |
| NVD | nvd_CVE-2020-3427 |
2025-11-11 14:57:04 | 2025-11-11 07:44:43 |
| CNNVD | cnnvd_CNNVD-202010-633 |
2025-11-11 15:10:31 | 2025-11-11 07:56:29 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202010-633
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']