9.3
CVE-2020-13535
- EPSS 0.66%
- Veröffentlicht 18.12.2020 21:15:12
- Zuletzt bearbeitet 21.11.2024 05:01:26
- Quelle talos-cna@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kepware ≫ Linkmaster Version3.0.94.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.66% | 0.467 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| talos-cna@cisco.com | 9.3 | 2.5 | 6 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1147