CVE-2020-7352

Exploit

EPSS 10.73%
Veröffentlicht 06.08.2020 16:15:13
Zuletzt bearbeitet 21.11.2024 05:37:06
Quelle cve@rapid7.com
CVE-Watchlists
Login
Unerledigt
Login

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gog ≫ Galaxy SwPlatformwindows Version >= 1.2.0 <= 1.2.64

Gog ≫ Galaxy SwPlatformwindows Version >= 2.0.0 <= 2.0.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.73%	0.93

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
cve@rapid7.com	8.4	2	5.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://github.com/rapid7/metasploit-framework/pull/13444

Patch

Third Party Advisory

https://www.positronsecurity.com/blog/2020-04-28-gog-galaxy-client-local-privilege-escalation/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-7352

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7352

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7352

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-7352