PT-2021-9619 · Unknown · Dream Report

Yuri Kramarz · Published 2021-04-09 · Updated 2022-07-30 · CVE-2020-13533

CVSS v3.1: 9.3 Critical

Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dream Report version 5 R20-2

Description

A privilege escalation issue exists, allowing attackers to abuse registry keys that reference binaries with weak permissions. This can lead to backdooring the installation files and escalating privileges when a new user logs in and uses the application.

Recommendations

For Dream Report version 5 R20-2, consider restricting access to the registry keys that reference binaries with weak permissions to minimize the risk of exploitation. Additionally, review and secure the permissions of the referenced binaries to prevent abuse.

Exploit

Fix

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2020-13533

Affected Products

Dream Report