PT-2020-3293 · Kaspersky · Kaspersky Security Center+2
Eran Shimony
·
Published
2020-07-29
·
Updated
2020-10-06
·
CVE-2020-25045
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Kaspersky Security Center versions prior to 12 Patch A
Kaspersky Security Center Web Console versions prior to 12 Patch A
Description
The issue is related to errors in the mechanism for checking the path to dynamically loaded libraries (DLL), which can be exploited to elevate privileges in the system. This can allow an attacker to perform a DLL hijacking attack.
Recommendations
For Kaspersky Security Center versions prior to 12 Patch A, update to version 12 Patch A or later to resolve the issue.
For Kaspersky Security Center Web Console versions prior to 12 Patch A, update to version 12 Patch A or later to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable DLL loading mechanism to minimize the risk of exploitation.
Fix
LPE
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kaspersky Anti-Virus
Kaspersky Security Center
Kaspersky Security Center Web Console