CVE-2020-25502
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.
Cybereason EDR versión 19.1.282 y superior, 19.2.182 y superior, 20.1.343 y superior, y 20.2.X y superior tienen una vulnerabilidad de secuestro de DLL, que podría permitir a un atacante local ejecutar código con privilegios elevados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-09-14 CVE Reserved
- 2023-01-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://endpoint.com | Not Applicable |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://cybereason.com | 2023-01-30 | |
| https://www.cybereason.com/cybereason-vulnerability-disclosure | 2023-01-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cybereason Search vendor "Cybereason" | Endpoint Detection And Response Search vendor "Cybereason" for product "Endpoint Detection And Response" | < 19.1.282 Search vendor "Cybereason" for product "Endpoint Detection And Response" and version " < 19.1.282" | - |
Affected
| ||||||
| Cybereason Search vendor "Cybereason" | Endpoint Detection And Response Search vendor "Cybereason" for product "Endpoint Detection And Response" | >= 19.2.0 < 19.2.182 Search vendor "Cybereason" for product "Endpoint Detection And Response" and version " >= 19.2.0 < 19.2.182" | - |
Affected
| ||||||
| Cybereason Search vendor "Cybereason" | Endpoint Detection And Response Search vendor "Cybereason" for product "Endpoint Detection And Response" | >= 20.1.0 < 20.1.343 Search vendor "Cybereason" for product "Endpoint Detection And Response" and version " >= 20.1.0 < 20.1.343" | - |
Affected
| ||||||
| Cybereason Search vendor "Cybereason" | Endpoint Detection And Response Search vendor "Cybereason" for product "Endpoint Detection And Response" | 20.2.0 Search vendor "Cybereason" for product "Endpoint Detection And Response" and version "20.2.0" | - |
Affected
| ||||||