Lucene search

TalosCVELIST:CVE-2020-13542

HistoryDec 03, 2020 - 4:24 p.m.

CVE-2020-13542

2020-12-0316:24:27

talos

www.cve.org

vulnerability

local privilege elevation

file system permissions

logicaldoc 8.5.1

arbitrary commands

system privileges

CVSS3

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

20.2%

JSON

A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.

CNA Affected

[
  {
    "product": "LogicalDoc",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "LogicalDoc 8.5.1"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2020-1154

CVSS3

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

20.2%

JSON

Related for CVELIST:CVE-2020-13542