PT-2020-20609 · Cryptopro · Cryptopro Csp

Published

2020-10-23

Updated

2021-07-21

CVE-2020-9361

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions CryptoPro CSP versions through 5.0.0.10004 on 64-bit platforms

Description The issue allows local users with the SeChangeNotifyPrivilege right to cause denial of service. This is because user-mode input is mishandled during process creation.

Recommendations For CryptoPro CSP versions through 5.0.0.10004 on 64-bit platforms, consider restricting the SeChangeNotifyPrivilege right to prevent local users from exploiting this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-9361

Affected Products

Cryptopro Csp

PT-2020-20609 · Cryptopro · Cryptopro Csp

CVE-2020-9361

Related Identifiers

Affected Products

References · 3