logo
DATABASE RESOURCES PRICING ABOUT US

Secdo: Privilege escalation via hardcoded script path

Description

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows. **Work around:** This issue can be mitigated by : - Ensure unprivileged users do not have 'create folder' access on the root of filesystem such as C:\. or - Creating a folder named C:\Common and ensuring unprivileged users do not have 'create folder' access.


Affected Software


CPE Name Name Version
secdo all versions

Related