PT-2021-10149 · Satoshilabs · Trezor Bridge

Published: 2021-07-26 · Updated: 2021-08-03 · CVE-2020-18172

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Trezor Bridge version 2.0.27
Description: A code injection vulnerability in the SeDebugPrivilege component allows attackers to escalate privileges.
Recommendations: For Trezor Bridge version 2.0.27, update to a version that fixes the code injection vulnerability in the SeDebugPrivilege component to prevent privilege escalation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2020-18172

Affected Products

Trezor Bridge