admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-158xx/CVE-2020-15843.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

114 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-15843",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-09-24T23:15:13.900",
"lastModified": "2024-11-21T05:06:18.263",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\\ActiveFax\\Client\\, %PROGRAMFILES%\\ActiveFax\\Install\\ and %PROGRAMFILES%\\ActiveFax\\Terminal\\. The folder permissions allow \"Full Control\" to \"Everyone\". An authenticated local attacker can exploit this to replace the TSClientB.exe binary in the Terminal directory, which is executed on logon for every user. Alternatively, the attacker can replace any of the binaries in the Client or Install directories. The latter requires additional user interaction, for example starting the client."
},
{
"lang": "es",
"value": "ActFax Versi\u00f3n 7.10 Build 0335 (2020-05-25) es susceptible a una vulnerabilidad de escalada de privilegios debido a permisos de carpeta inseguros en %PROGRAMFILES%%ActiveFax\\NCliente, %PROGRAMFILES%ActiveFax\\NInstalaci\u00f3n y %PROGRAMFILES%ActiveFaxTerminal. Los permisos de la carpeta permiten \"Control total\" a \"Todos\". Un atacante local autentificado puede explotar esto para reemplazar el binario TSClientB.exe en el directorio de la Terminal, que se ejecuta al iniciar la sesi\u00f3n para cada usuario. Alternativamente, el atacante puede reemplazar cualquiera de los binarios en los directorios Cliente o Instalaci\u00f3n. Este \u00faltimo requiere una interacci\u00f3n adicional del usuario, por ejemplo, iniciar el cliente"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"baseScore": 4.4,
"accessVector": "LOCAL",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:actfax:actfax:7.10:build_0335:*:*:*:*:*:*",
"matchCriteriaId": "9E4AC68F-85A0-4920-9105-DB0B954EACC0"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.to.com/advisory-actfax-7-10-build-0335-privilege-escalation-cve-2020-15843/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://blog.to.com/advisory-actfax-7-10-build-0335-privilege-escalation-cve-2020-15843/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink