CVE-2020-1476

medium

Microsoft

CVSS v3 Base Score

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

1.0%

Exploitation probability in 30 days

Top 23% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

None

Availability

None

Published: August 17, 2020 (2096 days ago)

Last Modified: February 23, 2026

Vendor: Microsoft

Description

An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET handle requests.

CWE

NVD-CWE-noinfo

Affected Products

microsoft .net framework

References

🔗 portal.msrc.microsoft.com 🔗 portal.msrc.microsoft.com

CVE-2020-1476

Vulnerability Report

Description

CWE

Affected Products

References