Lucene search

TalosCVELIST:CVE-2020-13539

HistoryJan 05, 2021 - 3:42 p.m.

CVE-2020-13539

2021-01-0515:42:47

CWE-276

talos

www.cve.org

exploitable

file system permissions

win-911 enterprise

win-911 mobile runtime

escalation of privileges

CVSS3

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

18.0%

JSON

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.

CNA Affected

[
  {
    "product": "Win-911",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Win-911 Enterprise V4.20.13"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2020-1150

www.talosintelligence.com/vulnerability_reports/TALOS-2020-1150

CVSS3

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

18.0%

JSON

Related for CVELIST:CVE-2020-13539