CVE-2020-9759
webOS TV Emulator privilege escalation vulnerability
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files.
Una vulnerabilidad del emulador de TV de LG Electronic web OS podría permitir a un atacante escalar privilegios y sobrescribir ciertos archivos. Esta vulnerabilidad se debe a una configuración incorrecta del entorno. Un atacante podría explotar esta vulnerabilidad a través de archivos de configuración y archivos ejecutables manipulados
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-03-02 CVE Reserved
- 2020-03-23 CVE Published
- 2024-02-11 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-494: Download of Code Without Integrity Check
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|