Archive 10/13/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

IDBaseTempVulnerability0dayTodayExpRemCTICVE
1626388.17.3Microsoft Windows Kernel memory corruption$100k and more$25k-$100kProof-of-ConceptOfficial Fix0.07CVE-2020-16890
1626376.86.1Microsoft Windows Remote Desktop Protocol information disclosure$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.07CVE-2020-16896
1626366.86.1Microsoft Windows Remote Desktop Protocol denial of service$5k-$25k$5k-$25kProof-of-ConceptOfficial Fix0.07CVE-2020-16927
1626356.86.1Microsoft Windows Remote Desktop Service denial of service$5k-$25k$5k-$25kProof-of-ConceptOfficial Fix0.09CVE-2020-16863
1626347.66.9Microsoft Windows Media Foundation memory corruption$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.04CVE-2020-16915
1626336.05.4Microsoft Windows Unified Extensible Firmware Interface access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.07CVE-2020-16910
1626327.36.6Microsoft Windows Hyper-V memory corruption$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.05CVE-2020-1047
1626318.17.3Microsoft Windows Win32k memory corruption$100k and more$25k-$100kProof-of-ConceptOfficial Fix0.02CVE-2020-16913
1626307.06.3Microsoft Windows Kernel Image memory corruption$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.02CVE-2020-16892
1626295.14.6Microsoft Windows KernelStream information disclosure$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.02CVE-2020-16889
1626287.06.3Microsoft Windows Installer access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.00CVE-2020-16902
1626278.07.2Microsoft Windows Hyper-V access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.07CVE-2020-16891
1626267.06.3Microsoft Windows Hyper-V denial of service$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.06CVE-2020-1243
1626257.97.1Microsoft Windows NAT memory corruption$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.00CVE-2020-16894
1626246.76.0Microsoft Windows Error Reporting access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.04CVE-2020-16905
1626237.36.6Microsoft Windows COM Server access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.00CVE-2020-16916
1626226.65.9Microsoft Visual Studio Code Python Extension access control$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.04CVE-2020-16977
1626215.65.0Microsoft PowerShellGet WDAC access control$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.05CVE-2020-16886
1626207.36.6Microsoft Windows Camera Codec Pack memory corruption$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.00CVE-2020-16968
1626197.36.6Microsoft Windows Camera Codec Pack memory corruption$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.06CVE-2020-16967
1626187.36.6Microsoft Windows COM Server access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.07CVE-2020-16935
1626177.36.6Microsoft Windows Backup Service access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.07CVE-2020-16976
1626167.36.6Microsoft Windows Jet Database Engine memory corruption$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.05CVE-2020-16924
1626157.36.8Microsoft Windows Storage VSP Driver access control$25k-$100k$5k-$25kFunctionalOfficial Fix0.05CVE-2020-16885
1626147.06.3Microsoft Windows Network Connections Service memory corruption$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.00CVE-2020-16887
1626137.66.9Microsoft Windows Hyper-V memory corruption$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.06CVE-2020-1080
1626127.36.6Microsoft Windows iSCSI Target Service access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.02CVE-2020-16980
1626117.36.6Microsoft Windows Storage Services access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.00CVE-2020-0764
1626105.75.2Microsoft Windows File Signature Validation signature verification$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.04CVE-2020-16922
1626097.36.6Microsoft Windows Backup Service access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.00CVE-2020-16974
1626087.36.6Microsoft Windows Backup Service access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.02CVE-2020-16973
1626077.36.6Microsoft Windows Backup Service access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.07CVE-2020-16975
1626067.16.4Microsoft Windows Application Compatibility Client Library access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.06CVE-2020-16876
1626056.55.9Microsoft Windows Reparse Point access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.02CVE-2020-16877
1626047.36.6Microsoft Windows Backup Service improper authentication$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.00CVE-2020-16972
1626037.36.6Microsoft Windows Application Compatibility Client Library access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.07CVE-2020-16920
1626025.14.6Microsoft Windows Text Services Framework information disclosure$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.09CVE-2020-16921
1626015.14.6Microsoft Windows Enterprise App Management Service information disclosure$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.05CVE-2020-16919
1626007.36.6Microsoft Windows Error Reporting Manager access control$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.00CVE-2020-16895
1625995.14.6Microsoft Windows NetBIOS over TCP information disclosure$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.00CVE-2020-16897

Interested in the pricing of exploits?

See the underground prices here!