PT-2020-14661 · Connectwise · Connectwise Automate
Published
2020-10-09
·
Updated
2021-07-21
·
CVE-2020-15838
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ConnectWise Automate versions prior to 2020.8
Description
The issue concerns weak permissions in the LTUPDATE folder within the Agent Update System, allowing for privilege escalation.
Recommendations
For versions prior to 2020.8, update to version 2020.8 or later to resolve the issue.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Connectwise Automate