CVE-2020-12798 – Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation

https://notcve.org/view.php?id=CVE-2020-12798

Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. Cellebrite UFED versiones 5.0 hasta 7.5.0.845, implementa políticas de sistema operativo local que pueden ser evitadas para obtener un símbolo del sistema por medio del cuadro de diálogo de archivos de Windows que es accesible mediante la opción Certificate-Based Authentication de la pantalla Wireless Network Connection. • http://packetstormsecurity.com/files/157715/Cellebrite-UFED-7.5.0.845-Desktop-Escape-Privilege-Escalation.html https://github.com/thatguylevel https://korelogic.com/Resources/Advisories/KL-001-2020-002.txt https://korelogic.com/advisories.html https://twitter.com/thatguylevel • CWE-269: Improper Privilege Management •