7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
20.4%
CVE-2020-13535
A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges.
Kepware LinkMaster 3.0.94.0
<https://www.kepware.com/en-us/products/linkmaster/>
9.3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-276 - Incorrect Default Permissions
Kepware LinkMaster is a product linking various OPC servers and clients providing a means of communication between current DDE/OPC and legacy clients and applications.
The vulnerability arises due to incorrect defauly permissions set on LinkMasterV3 service which grants Everyone group access to the SERVICE_CHANGE_CONFIG
option allowing anyone to reconfigurethe service in any manner. A local attacker can use this vulnerability to modify the existing service binary to point to an arbitrary executable which will run with NT SYSTEM
privileges.
LinkMasterV3
RW Everyone
SERVICE_QUERY_STATUS
SERVICE_QUERY_CONFIG
SERVICE_CHANGE_CONFIG
SERVICE_START
SERVICE_STOP
RW NT AUTHORITY\SYSTEM
SERVICE_ALL_ACCESS
RW BUILTIN\Administrators
SERVICE_ALL_ACCESS
2020-09-08 - Vendor Disclosure
2020-12-16 - Public Release
Discovered by Yuri Kramarz of Cisco Talos.
Vulnerability Reports Next Report
TALOS-2020-1150
Previous Report
TALOS-2020-1136
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
20.4%