Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack.
References
Link | Resource |
---|---|
https://hsm.utimaco.com/products-hardware-security-modules/general-purpose-hsm/ | Exploit Vendor Advisory |
https://secureyourit.co.uk/wp/2021/03/13/utimaco-cve-2020-26155/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-18T16:17:01
Updated: 2021-03-18T16:17:01
Reserved: 2020-09-30T00:00:00
Link: CVE-2020-26155
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-18T17:15:13.353
Modified: 2022-06-28T14:11:45.273
Link: CVE-2020-26155
JSON object: View
Redhat Information
No data.