How severe is CVE-2020-11443?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2020-11443?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2020-11443 - HIGH Severity | CVSS 8.1

Vulnerability Description

The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files that otherwise cannot be deleted by the user.

Related Vulnerabilities

CVE-2018-13054

HIGH

CVSS:8.1(High)

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_a...

CWE-592018

CVE-2020-25744

HIGH

CVSS:8.1(High)

SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%...

CWE-592020

CVE-2020-7040

HIGH

CVSS:8.1(High)

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain fi...

CWE-592020

CVE-2021-21125

HIGH

CVSS:8.1(High)

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

CWE-592021

CVE-2021-21686

HIGH

CVSS:8.1(High)

File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside...

CWE-592021

CVE-2021-30356

HIGH

CVSS:8.1(High)

A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.

CWE-592021