Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistTalosCVELIST:CVE-2020-13549
HistoryFeb 19, 2021 - 4:54 p.m.

CVE-2020-13549

2021-02-1916:54:44
CWE-276
talos
www.cve.org
5
sytech xl reporter
local privilege escalation
file system permissions
arbitrary code
installation folder
cve-2020-13549

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

JSON

An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.

CNA Affected

[
  {
    "product": "Sytech",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Sytech XL Reporter v14.0.1"
      }
    ]
  }
]

Related

prion 1
talos 1
nvd 1
cve 1
prion
prion
Privilege escalation
2021-02-19 17:15:00
talos
talos
Sytech XL reporter installation privilege escalation vulnerability
2021-02-19 00:00:00
nvd
nvd
CVE-2020-13549
2021-02-19 17:15:13
cve
cve
CVE-2020-13549
2021-02-19 17:15:13

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

JSON
Related for CVELIST:CVE-2020-13549
prion1talos1nvd1cve1