PT-2020-20589 · Cryptopro · Cryptopro Csp
Published: 2020-10-23 · Updated: 2025-08-12
CVE-2020-9331
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CryptoPro CSP versions prior to 5.0.0.10004 on 32-bit platforms
Description
The issue allows local privilege escalation by local users with the SeChangeNotifyPrivilege right due to mishandled user-mode input during process creation. This enables an attacker to write arbitrary data to any location in the kernel's address space.
Recommendations
For CryptoPro CSP versions prior to 5.0.0.10004 on 32-bit platforms, update to a version that fixes the mishandling of user-mode input during process creation, which prevents the local privilege escalation.
Affected Products
Cryptopro Csp