An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1150 | Exploit Technical Description Third Party Advisory |
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1150 | Exploit Technical Description Third Party Advisory |
Configurations
History
21 Nov 2024, 05:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://talosintelligence.com/vulnerability_reports/TALOS-2020-1150 - Exploit, Technical Description, Third Party Advisory |
19 Apr 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-276 |
Information
Published : 2021-01-05 16:15
Updated : 2024-11-21 05:01
NVD link : CVE-2020-13540
Mitre link : CVE-2020-13540
CVE.ORG link : CVE-2020-13540
JSON object : View
Products Affected
win911
- win-911
CWE
CWE-276
Incorrect Default Permissions