PT-2020-16305 · Open · Open Dhcp Server
Published 2020-10-28 · Updated 2023-02-27 · CVE-2020-26131
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Open DHCP Server (Regular) version 1.75
Open DHCP Server (LDAP Based) version 0.1Beta
Description
The issue is related to insufficient access restrictions in the default installation directory, allowing an attacker to elevate privileges. This can be achieved by replacing the OpenDHCPServer.exe binary in the Regular version or the OpenDHCPLdap.exe binary in the LDAP Based version.
Recommendations
For Open DHCP Server (Regular) version 1.75, restrict access to the default installation directory to prevent unauthorized replacement of the OpenDHCPServer.exe binary.
For Open DHCP Server (LDAP Based) version 0.1Beta, restrict access to the default installation directory to prevent unauthorized replacement of the OpenDHCPLdap.exe binary.
Exploit
Fix
Incorrect Permission
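To check whether the recommendation above is already met on a host, the following added example (not part of the advisory or of the Open DHCP Server project) lists every allow ACE that lets a principal other than SYSTEM, Administrators or TrustedInstaller write to the installation directory or to the two binaries the advisory names. The `$InstallDir` parameter is a placeholder because the advisory does not state the path, and the trusted-SID list is an assumption to adjust for the environment.

```powershell
param(
    # Placeholder: pass the actual installation directory; the advisory gives no path.
    [Parameter(Mandatory)][string]$InstallDir
)

# Binary names taken from the advisory (Regular and LDAP Based editions).
$binaries = 'OpenDHCPServer.exe', 'OpenDHCPLdap.exe'

# Assumption: principals allowed to modify service binaries.
# SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Only the bits that permit replacing or planting a file, so read-only ACEs do not match.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericBits = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, seen in inherit-only ACEs

$candidates = @($InstallDir) + ($binaries | ForEach-Object { Join-Path $InstallDir $_ })
$targets = $candidates | Where-Object { Test-Path -LiteralPath $_ }
$sidType = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($path in $targets) {
    $acl = Get-Acl -LiteralPath $path
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($trusted -contains $sid) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $writeBits) -or ($rights -band $genericBits)) {
            # Resolve the SID to a name when possible; fall back to the raw SID.
            $name = try { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value } catch { $sid }
            [pscustomobject]@{
                Path      = $path
                Principal = $name
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
    exit 1   # non-zero so the check can gate a compliance job
}
Write-Output "No write access for untrusted principals under $InstallDir"
```

Rows with `Inherited` set to True point at a parent directory whose ACL needs tightening rather than the installation directory itself.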
Weakness Enumeration
Related Identifiers
Affected Products
Open Dhcp Server