CVE-2020-13549
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.
Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos del directorio de instalación de Sytech XL Reporter versión v14.0.1. Dependiendo del vector elegido, un atacante puede sobrescribir los ejecutables del servicio y ejecutar código arbitrario con los privilegios del usuario configurado para ejecutar el servicio o reemplazar otros archivos dentro de la carpeta de instalación, lo que permitiría una escalada de privilegios local
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-05-26 CVE Reserved
- 2021-02-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sytech Search vendor "Sytech" | Xlreporter Search vendor "Sytech" for product "Xlreporter" | 14.0.1 Search vendor "Sytech" for product "Xlreporter" and version "14.0.1" | - |
Affected
| ||||||