Lucene search

MitreCVE-2020-13866

HistoryJun 08, 2020 - 4:15 p.m.

CVE-2020-13866

2020-06-0816:15:10

CWE-732

mitre

web.nvd.nist.gov

cve-2020-13866

wingate

insecure permissions

local users

privileges

executable file

trojan horse

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

24.1%

JSON

WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.

Affected configurations

Nvd

Node

qbikwingateMatch9.4.1.5998

VendorProductVersionCPE
qbikwingate9.4.1.5998cpe:2.3:a:qbik:wingate:9.4.1.5998:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qbik	wingate	9.4.1.5998	cpe:2.3:a:qbik:wingate:9.4.1.5998:::::::*

References

hyp3rlinx.altervista.org/advisories/WINGATE-INSECURE-PERMISSIONS-LOCAL-PRIVILEGE-ESCALATION.txt

packetstormsecurity.com/files/157958/WinGate-9.4.1.5998-Insecure-Permissions-Privilege-Escalation.html

seclists.org/fulldisclosure/2020/Jun/11

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

24.1%

JSON

Related for CVE-2020-13866