CVE-2020-13549

An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sytech:xlreporter:14.0.1:*:*:*:*:*:*:*

History

21 Nov 2024, 05:01

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167 - Exploit, Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167 - Exploit, Third Party Advisory

19 Apr 2022, 16:15

Type Values Removed Values Added
CWE CWE-269 CWE-276

Information

Published : 2021-02-19 17:15

Updated : 2024-11-21 05:01


NVD link : CVE-2020-13549

Mitre link : CVE-2020-13549

CVE.ORG link : CVE-2020-13549


JSON object : View

Products Affected

sytech

  • xlreporter
CWE
CWE-276

Incorrect Default Permissions