CVE-2020-12608 – SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions
https://notcve.org/view.php?id=CVE-2020-12608
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter. Se detectó un problema en SolarWinds MSP PME (Patch Management Engine) Cache Service versiones anteriores a 1.1.15, en el Advanced Monitoring Agent. Posee permisos de archivo no seguros para %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. • https://www.exploit-db.com/exploits/48448 http://packetstormsecurity.com/files/157591/SolarWinds-MSP-PME-Cache-Service-Insecure-File-Permissions-Code-Execution.html http://seclists.org/fulldisclosure/2020/May/23 https://github.com/jensregel/Advisories/tree/master/CVE-2020-12608 • CWE-276: Incorrect Default Permissions •