CVE-2020-1984

EPSS 0.13%
Veröffentlicht 08.04.2020 19:15:13
Zuletzt bearbeitet 21.11.2024 05:11:47
Quelle psirt@paloaltonetworks.com
CVE-Watchlists
Login
Unerledigt
Login

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paloaltonetworks ≫ Secdo

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.328

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@paloaltonetworks.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://security.paloaltonetworks.com/CVE-2020-1984

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1984

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1984

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1984

EUVD