PT-2020-3412 · Secdo · Secdo For Windows

Eviatar Gerzi

Published

2020-04-08

Updated

2020-04-10

CVE-2020-1984

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Secdo for Windows (affected versions not specified)

Description The issue is due to insufficient input validation, allowing a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:) to gain system privileges if a specific hardcoded path does not already exist or is writable. This can be exploited by creating folders or adding data to the root of the OS disk, potentially leading to elevated system privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-73CWE-20

Related Identifiers

BDU:2020-03735

CVE-2020-1984

Affected Products

Secdo For Windows

PT-2020-3412 · Secdo · Secdo For Windows

CVE-2020-1984

Weakness Enumeration

Related Identifiers

Affected Products

References · 3