CVE-2020-24307

Published: Feb 2, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.

Affected (1)

Products: Mremoteng: Mremoteng

Mremoteng

1 product

Mremoteng

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mremoteng Mremoteng	Version 1.76.20

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://github.com/NyaMeeEain/Infrastructure-Assessment/blob/master/Privilege%20Escalation/Common%20Windows%20Privilege%20Escalation.md

Source: cve@mitre.org

Not Applicable

https://github.com/mRemoteNG/mRemoteNG/issues/2338

Source: cve@mitre.org

https://packetstormsecurity.com/files/170794/mRemoteNG-1.76.20-Privilege-Escalation.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/NyaMeeEain/Infrastructure-Assessment/blob/master/Privilege%20Escalation/Common%20Windows%20Privilege%20Escalation.md

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://github.com/mRemoteNG/mRemoteNG/issues/2338

Source: af854a3a-2127-422b-91ae-364da2661108

https://packetstormsecurity.com/files/170794/mRemoteNG-1.76.20-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.