CVE-2020-14418 - OpenCVE

A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Advanced Malware Protection
Madshi	Madcodehook
Morphisec	Unified Threat Prevention Platform

Configuration 1 [-]

OR	cpe:2.3:a:cisco:advanced_malware_protection::::::::
	cpe:2.3:a:madshi:madcodehook::::::::
	cpe:2.3:a:morphisec:unified_threat_prevention_platform::::::::
	cpe:2.3:a:morphisec:unified_threat_prevention_platform::::::::

References

Link	Resource
https://github.com/nettitude/metasploit-modules	Product Third Party Advisory
https://labs.nettitude.com/blog/cve-2020-14418-madcodehook-library-local-privilege-escalation/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-30T05:26:59

Updated: 2021-01-30T05:26:59

Reserved: 2020-06-18T00:00:00

Link: CVE-2020-14418

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-01-30T06:15:12.227

Modified: 2021-02-04T16:16:07.453

Link: CVE-2020-14418

JSON object: View

Redhat Information

No data.

CWE

CWE-367

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-30T05:26:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/nettitude/metasploit-modules"}, {"tags": ["x_refsource_MISC"], "url": "https://labs.nettitude.com/blog/cve-2020-14418-madcodehook-library-local-privilege-escalation/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14418", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/nettitude/metasploit-modules", "refsource": "MISC", "url": "https://github.com/nettitude/metasploit-modules"}, {"name": "https://labs.nettitude.com/blog/cve-2020-14418-madcodehook-library-local-privilege-escalation/", "refsource": "MISC", "url": "https://labs.nettitude.com/blog/cve-2020-14418-madcodehook-library-local-privilege-escalation/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14418", "datePublished": "2021-01-30T05:26:59", "dateReserved": "2020-06-18T00:00:00", "dateUpdated": "2021-01-30T05:26:59", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:advanced_malware_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "81FA992B-3F7A-4ACF-A249-BB33C8D1E6CE", "versionEndExcluding": "7.2.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:madshi:madcodehook:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD0D2FC5-FCC5-4ABF-9C5A-C9292AC530B6", "versionEndExcluding": "4.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:morphisec:unified_threat_prevention_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DEFB07F-D92E-42A7-9472-FAFA5CABB729", "versionEndExcluding": "3.5.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:morphisec:unified_threat_prevention_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "5934032F-97AD-4241-8608-F4744B37544A", "versionEndExcluding": "4.1.2", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions."}, {"lang": "es", "value": "Se presenta una vulnerabilidad TOCTOU en madCodeHook antes del 16-07-2020, que permite a atacantes locales elevar sus privilegios a SYSTEM. Esto ocurre porque el redireccionamiento de ruta puede ocurrir por medio de vectores que involucran uniones de directorio"}], "id": "CVE-2020-14418", "lastModified": "2021-02-04T16:16:07.453", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-30T06:15:12.227", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/nettitude/metasploit-modules"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://labs.nettitude.com/blog/cve-2020-14418-madcodehook-library-local-privilege-escalation/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "nvd@nist.gov", "type": "Primary"}]}