CVE-2020-15592
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. The remotely callable methods from remotable objects available through interprocess communication allow loading of arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins” directory, where the name of the plugin is passed as part of an XML-serialized object. However, because the name of the DLL is concatenated with the “.\plugins” string, a directory traversal vulnerability exists in the way plugins are resolved.
SteelCentral Aternity Agent versiones anteriores a 0.0.120 en Windows permite una escalada de privilegios por medio de un archivo diseñado. Usa un ejecutable que se ejecuta como un servicio de Windows muy privilegiado para llevar a cabo tareas administrativas y recopilar datos de otros procesos. Distribuye la funcionalidad entre diferentes procesos y utiliza primitivas IPC (Inter-Process Communication) para permitir a los procesos cooperar. Los métodos que se pueden llamar remotamente desde objetos remotos disponibles por medio de la comunicación entre procesos permiten cargar plugins arbitrarios (es decir, ensamblajes de C#) desde el directorio "% PROGRAMFILES (X86)%/Aternity Information Systems/Assistant/plugins", donde el nombre del plugin es pasado como parte de un objeto serializado en XML. Sin embargo, debido a que el nombre de la DLL está concatenado con la cadena ".\plugins", Se presenta una vulnerabilidad de salto directorio en la manera en que los plugins son resueltos
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-07-07 CVE Reserved
- 2020-07-24 CVE Published
- 2023-04-12 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://sec-consult.com/en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Riverbed Search vendor "Riverbed" | Steelcentral Aternity Agent Search vendor "Riverbed" for product "Steelcentral Aternity Agent" | < 11.0.0.120 Search vendor "Riverbed" for product "Steelcentral Aternity Agent" and version " < 11.0.0.120" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|