CVE-2020-13770
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (eg. user ‘NT AUTHORITY\NETWORK SERVICE’).
Varios servicios están accediendo a canalizaciones nombradas en Ivanti Endpoint Manager versiones hasta 2020.1.1, con atributos de seguridad predeterminados o excesivamente permisivos; como estos servicios se ejecutan como usuario "NT AUTHORITY\SYSTEM", el problema puede ser usado para escalar privilegios desde una cuenta de servicio o estándar local que tenga SeImpersonatePrivilege (por ejemplo, usuario "NT AUTHORITY\NETWORK SERVICE')
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-02 CVE Reserved
- 2020-11-12 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://labs.jumpsec.com/advisory-cve-2020-13770-ivanti-uem-named-pipe-token-impersonation | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ivanti Search vendor "Ivanti" | Endpoint Manager Search vendor "Ivanti" for product "Endpoint Manager" | <= 2020.1.1 Search vendor "Ivanti" for product "Endpoint Manager" and version " <= 2020.1.1" | - |
Affected
| ||||||