CVE-2020-13541
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other files within the installation folder that could lead to local privilege escalation.
Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos del directorio de instalación de Mobile-911 Server versión V2.5. Dependiendo del vector elegido, un atacante puede sobrescribir el ejecutable del servicio y ejecutar código arbitrario con privilegios System o reemplazar otros archivos dentro de la carpeta de instalación que podrían conllevar a una escalada de privilegios local
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-05-26 CVE Reserved
- 2021-01-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2020-1151 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Win911 Search vendor "Win911" | Mobile-911 Server Search vendor "Win911" for product "Mobile-911 Server" | 2.5 Search vendor "Win911" for product "Mobile-911 Server" and version "2.5" | - |
Affected
| ||||||