#Windows Admin Center

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected.

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** This attack requires a admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.