An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2021-02-19T16:54:44
Updated: 2021-02-19T16:54:44
Reserved: 2020-05-26T00:00:00
Link: CVE-2020-13549
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-19T17:15:13.047
Modified: 2022-10-06T18:58:18.333
Link: CVE-2020-13549
JSON object: View
Redhat Information
No data.
CWE