PT-2021-11514 · Unknown · Simaris Configuration

Published: 2021-02-09 · Updated: 2022-04-29 · CVE-2020-28392

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SIMARIS configuration versions prior to V4.0.1
Description: A vulnerability has been identified in SIMARIS configuration. During installation to the default target folder, incorrect permissions are configured for the application folder and subfolders. This could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine.
Recommendations: For versions prior to V4.0.1, update to version V4.0.1 or later to resolve the issue. As a temporary workaround, consider manually configuring the correct permissions for the application folder and subfolders to prevent potential exploitation. Restrict access to the application folder and subfolders to minimize the risk of privilege escalation.
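
For the temporary workaround, the first step is knowing which folders in the tree are writable by ordinary accounts. The following read-only audit is an added example, not code from the vendor or from this advisory; it assumes a Windows host, the install path is a placeholder (the advisory does not name the default target folder), and the list of "broad" principals is this example's own choice.

```powershell
# Added example: read-only audit of an application folder tree for "Allow" ACEs
# that give broad, non-administrative principals write-type access.
param(
    # Placeholder path: the advisory does not name the default target folder.
    [string]$InstallRoot = 'C:\PLACEHOLDER\simaris-install-folder'
)

# Well-known SIDs treated as "broad" here (an assumption of this example).
# SIDs are used instead of names so the check also works on localized systems.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Bits that allow planting, replacing or re-permissioning files; read/execute
# bits are deliberately excluded. GENERIC_WRITE (0x40000000) and GENERIC_ALL
# (0x10000000) are included because inherit-only ACEs can carry generic rights.
$fsRights  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = ([int]$fsRights) -bor 0x40000000 -bor 0x10000000

# Check the root folder itself plus every subfolder and file beneath it.
$items = @(Get-Item -LiteralPath $InstallRoot) +
         @(Get-ChildItem -LiteralPath $InstallRoot -Recurse -Force)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Ask for explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) { $findings | Sort-Object Path | Format-Table -AutoSize -Wrap }
else           { Write-Output "No write-type ACEs for broad principals under $InstallRoot" }
```

Entries with `Inherited = False` are set on that object directly; inherited entries need to be corrected on the parent folder they come from.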

Fix

Weakness Enumeration: Incorrect Default Permissions

Related Identifiers: CVE-2020-28392

Affected Products: Simaris Configuration