CVE-2020-26131

Published: Oct 28, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary.

Affected (2)

Products: Open Dhcp Server Project: Open Dhcp Server

Open Dhcp Server Project

1 product

Open Dhcp Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Open Dhcp Server Project Open Dhcp Server	Version 0.1 beta
Open Dhcp Server Project Open Dhcp Server	Version 1.75

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (6)

https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-26131.md

Source: cve@mitre.org

https://github.com/an0ry/advisories

Source: cve@mitre.org

ExploitThird Party Advisory

https://sourceforge.net/projects/dhcpserver/

Source: cve@mitre.org

Product

https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-26131.md

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/an0ry/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://sourceforge.net/projects/dhcpserver/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.