CVE-2020-23967

Published: Mar 8, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.

Affected (2)

Products: Drweb: Security Space

Drweb

1 product

Security Space

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Drweb Security Space	Version 11.0
Drweb Security Space	Version 12.0

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (6)

https://amonitoring.ru/article/drweb/

Source: cve@mitre.org

ExploitThird Party Advisory

https://habr.com/ru/company/pm/blog/509592/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.youtube.com/watch?v=q7Kqi7kE59U

Source: cve@mitre.org

ExploitThird Party Advisory

https://amonitoring.ru/article/drweb/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://habr.com/ru/company/pm/blog/509592/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.youtube.com/watch?v=q7Kqi7kE59U

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.