PT-2020-13609 · Logicaldoc · Logicaldoc

Published

2020-12-03

Updated

2022-06-07

CVE-2020-13542

CVSS v3.1

9.3

Critical

Vector

AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LogicalDoc version 8.5.1

Description A local privilege elevation issue exists in the file system permissions of the LogicalDoc installation. An attacker can replace the service binary or DLL files loaded by the service, which are executed by a service, thus executing arbitrary commands with System privileges.

Recommendations For LogicalDoc version 8.5.1, consider restricting access to the service binary and DLL files loaded by the service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2020-13542

Affected Products

Logicaldoc

PT-2020-13609 · Logicaldoc · Logicaldoc

CVE-2020-13542

Weakness Enumeration

Related Identifiers

Affected Products

References · 4