CVE-2020-13866 – WinGate 9.4.1.5998 - Insecure Folder Permissions

https://notcve.org/view.php?id=CVE-2020-13866

WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. WinGate versión v9.4.1.5998, presenta permisos no seguros para el directorio de instalación, lo que permite a usuarios locales alcanzar privilegios mediante el reemplazo de un archivo ejecutable con uno de tipo caballo de Troya WinGate version 9.4.1.5998 suffers from an insecure permissions vulnerability that allows for privilege escalation. • https://www.exploit-db.com/exploits/48573 http://hyp3rlinx.altervista.org/advisories/WINGATE-INSECURE-PERMISSIONS-LOCAL-PRIVILEGE-ESCALATION.txt http://packetstormsecurity.com/files/157958/WinGate-9.4.1.5998-Insecure-Permissions-Privilege-Escalation.html http://seclists.org/fulldisclosure/2020/Jun/11 • CWE-732: Incorrect Permission Assignment for Critical Resource •