CVE-2020-1025 (GCVE-0-2020-1025)

Vulnerability from cvelistv5 – Published: 2020-07-14 22:53 – Updated: 2024-08-04 06:24
VLAI?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
Severity ?
No CVSS data available.
CWE
  • Elevation of Privilege
Assigner
References
Impacted products
Vendor Product Version
Microsoft Skype for Business Server 2019 CU2 Affected: 7.0.0 , < publication (custom)
    cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*
 Create a notification for this product.
    Microsoft Skype for Business Server 2015 CU 8 Affected: 2015 CU 8 , < publication (custom)
    cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*
 Create a notification for this product.
    Microsoft Microsoft Lync Server 2013 Affected: 0 , < publication (custom)
    cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*
 Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < publication (custom)
    cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
 Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < publication (custom)
    cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
 Create a notification for this product.
    Microsoft Microsoft SharePoint Foundation 2013 Service Pack 1 Affected: 15.0.0 , < publication (custom)
    cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:24:59.514Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Skype for Business Server 2019  CU2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Skype for Business Server 2015 CU 8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "2015 CU 8",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Lync Server 2013",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-07-14T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.\nTo exploit this vulnerability, an attacker would need to modify the token.\nThe update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T20:54:51.253Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
        }
      ],
      "title": "Microsoft Office Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1025",
    "datePublished": "2020-07-14T22:53:56",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:24:59.514Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:lync:2013:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57F4F185-8709-4846-B017-A09C7A0D58B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C082CC4-6128-475D-BC19-B239E348FDB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F71184B1-7461-4A05-A5D2-03D9EDDC30D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6122D014-5BF1-4AF4-8B4D-80205ED7785E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:skype_for_business:2015:cumulative_update_8:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CE0C9B4-FCB1-4A31-84DA-09756C93FDAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:skype_for_business:2019:cumulative_update_2:*:*:*:*:*:*\", \"matchCriteriaId\": \"38ABD417-45D5-4212-BC19-929B71E6D1D2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.\\nTo exploit this vulnerability, an attacker would need to modify the token.\\nThe update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.\\n\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de elevaci\\u00f3n de privilegios cuando Microsoft SharePoint Server y Skype for Business Server manejan inapropiadamente la comprobaci\\u00f3n de del token de OAuth, tambi\\u00e9n se conoce como \\\"Microsoft Office Elevation of Privilege Vulnerability\\\"\"}]",
      "id": "CVE-2020-1025",
      "lastModified": "2024-11-21T05:09:35.097",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-07-14T23:15:11.447",
      "references": "[{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-1025\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2020-07-14T23:15:11.447\",\"lastModified\":\"2024-11-21T05:09:35.097\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.\\nTo exploit this vulnerability, an attacker would need to modify the token.\\nThe update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.\\n\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando Microsoft SharePoint Server y Skype for Business Server manejan inapropiadamente la comprobaci\u00f3n de del token de OAuth, tambi\u00e9n se conoce como \\\"Microsoft Office Elevation of Privilege Vulnerability\\\"\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:lync:2013:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57F4F185-8709-4846-B017-A09C7A0D58B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C082CC4-6128-475D-BC19-B239E348FDB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F71184B1-7461-4A05-A5D2-03D9EDDC30D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6122D014-5BF1-4AF4-8B4D-80205ED7785E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:skype_for_business:2015:cumulative_update_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CE0C9B4-FCB1-4A31-84DA-09756C93FDAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:skype_for_business:2019:cumulative_update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"38ABD417-45D5-4212-BC19-929B71E6D1D2\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.