PT-2024-8943 · Advabuild · Advabuild

Published

2024-07-18

Updated

2024-07-24

CVE-2020-11640

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: AdvaBuild versions 3.0 through 3.7 SP2

Description: The issue is related to insufficient protection of the command queue in AdvaBuild, allowing a remote attacker to exploit it and run any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. This is an Improper Privilege Management issue.

Recommendations: For AdvaBuild versions 3.0 through 3.7 SP2, consider restricting access to the command queue to prevent unauthorized execution of executables until a patch is available. As a temporary workaround, limit the privileges of the AdvaBuild node to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2024-10622

CVE-2020-11640

Affected Products

Advabuild

PT-2024-8943 · Advabuild · Advabuild

CVE-2020-11640

Weakness Enumeration

Related Identifiers

Affected Products

References · 7