CVE-2020-13542

Published: Dec 3, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.

Affected (1)

Products: Logicaldoc: Logicaldoc

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Logicaldoc Logicaldoc	Version 8.5.1

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1154

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1154

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.