PT-2020-13110 · Splashtop+1 · Splashtop Business+3
Published
2020-05-21
·
Updated
2021-07-21
·
CVE-2020-12431
CVSS v3.1
6.6
Medium
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Splashtop Software Updater versions prior to 1.5.6.16
Splashtop Streamer versions prior to 3.3.8.0
Splashtop Business versions prior to 3.3.8.0
Description
A Windows privilege change issue was discovered in the affected software. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with resultant DLL hijacking.
Recommendations
For Splashtop Software Updater versions prior to 1.5.6.16, update to version 1.5.6.16 or later.
For Splashtop Streamer versions prior to 3.3.8.0, update to version 3.3.8.0 or later.
For Splashtop Business versions prior to 3.3.8.0, update to version 3.3.8.0 or later.
Exploit
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Splashtop Business
Splashtop Software Updater
Splashtop Streamer
Windows