CVE-2020-15261

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:veyon:veyon:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:05

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html - Exploit, Third Party Advisory, VDB Entry
References () https://github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1 - Patch, Third Party Advisory () https://github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1 - Patch, Third Party Advisory
References () https://github.com/veyon/veyon/issues/657 - Issue Tracking, Third Party Advisory () https://github.com/veyon/veyon/issues/657 - Issue Tracking, Third Party Advisory
References () https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp - Third Party Advisory () https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp - Third Party Advisory
References () https://www.exploit-db.com/exploits/48246 - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/48246 - Exploit, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/49925 - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/49925 - Exploit, Third Party Advisory, VDB Entry
CVSS v2 : 7.2
v3 : 6.7
v2 : 7.2
v3 : 8.0

18 Oct 2022, 20:13

Type Values Removed Values Added
CVSS v2 : 4.6
v3 : 6.7
v2 : 7.2
v3 : 6.7
References (MISC) https://www.exploit-db.com/exploits/49925 - (MISC) https://www.exploit-db.com/exploits/49925 - Exploit, Third Party Advisory, VDB Entry
References (MISC) http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html - (MISC) http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html - Exploit, Third Party Advisory, VDB Entry
References (MISC) https://www.exploit-db.com/exploits/48246 - (MISC) https://www.exploit-db.com/exploits/48246 - Exploit, Third Party Advisory, VDB Entry

18 Jun 2021, 12:15

Type Values Removed Values Added
References
  • (MISC) https://www.exploit-db.com/exploits/48246 -

18 Jun 2021, 11:15

Type Values Removed Values Added
References
  • (MISC) https://www.exploit-db.com/exploits/49925 -

01 Jun 2021, 17:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html -

Information

Published : 2020-10-19 22:15

Updated : 2024-11-21 05:05


NVD link : CVE-2020-15261

Mitre link : CVE-2020-15261

CVE.ORG link : CVE-2020-15261


JSON object : View

Products Affected

veyon

  • veyon

microsoft

  • windows
CWE
CWE-428

Unquoted Search Path or Element