// For flags

CVE-2020-23967

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.

Dr.Web Security Space versiones 11 y 12, permiten una elevación de privilegios para usuarios locales sin privilegios administrativos a NT AUTHORITY\SYSTEM debido a un control insuficiente durante la actualización automática

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-08-13 CVE Reserved
  • 2021-03-08 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-347: Improper Verification of Cryptographic Signature
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Drweb
Search vendor "Drweb"
 Security Space
Search vendor "Drweb" for product "Security Space"
 11.0
Search vendor "Drweb" for product "Security Space" and version "11.0"
-
Affected
Drweb
Search vendor "Drweb"
 Security Space
Search vendor "Drweb" for product "Security Space"
 12.0
Search vendor "Drweb" for product "Security Space" and version "12.0"
-
Affected