CVE-2020-11799

Published: Apr 15, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task. This can also affect all users who are signed in on the system if a shell is placed in a location that other unprivileged users have access to.

Affected (1)

Products: Z Cron: Z Cron

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Z Cron Z Cron	Version 5.6 build_04

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://blog.spookysec.net/zcron/

Source: cve@mitre.org

ExploitThird Party Advisory

https://blog.spookysec.net/zcron/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.