PT-2021-11389 · Blizzard · Battle.Net

George Tsimpidas

Published

2021-06-09

Updated

2021-06-17

CVE-2020-27383

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Battle.Net version 1.27.1.12428

Description: The issue arises from a weak set of permissions granted to the Authenticated Users Group, which allows an authenticated user to modify the existing executable file with a binary of their choice, effectively elevating privileges. This is due to the group being granted the (F) Flag aka Full Control.

Recommendations: For Battle.Net version 1.27.1.12428, consider restricting the permissions granted to the Authenticated Users Group to prevent elevation of privileges, specifically removing the (F) Flag aka Full Control to mitigate the risk of exploitation.

Exploit

Fix

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-281

Related Identifiers

CVE-2020-27383

Affected Products

Battle.Net

PT-2021-11389 · Blizzard · Battle.Net

CVE-2020-27383

Weakness Enumeration

Related Identifiers

Affected Products

References · 3