How severe is CVE-2020-13386?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2020-13386?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2020-13386

HIGH Year: 2020

CVSS v3 Score

8.2

High

CVSS v2 Score

4.4

Medium

Weakness Type

CWE-732

View all →

Vulnerability Description

In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the context of the user who installed the product. Both scheduled tasks attempt to run the same binary, C:\SmartDraw 2020\Messages\SDNotify.exe. The folder Messages doesn't exist by default and (by extension) neither does SDNotify.exe. Due to the weak folder permissions, these can be created by any user. A malicious actor can therefore create a malicious SDNotify.exe binary, and have it automatically run, whenever the user who installed the product logs on to the machine. The malicious SDNotify.exe could, for example, create a new local administrator account on the machine.

CVE-2021-32101

HIGH

CVSS:8.2(High)

The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an ...

CWE-7322021

CVE-2023-28960

HIGH

CVSS:8.2(High)

An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files in...

CWE-7322023

CVE-2023-34154

HIGH

CVSS:8.2(High)

Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system ...

CWE-7322023

CVE-2024-1724

HIGH

CVSS:8.2(High)

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automaticall...

CWE-7322024

CVE-2024-37574

HIGH

CVSS:8.2(High)

The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the c...

CWE-7322024

CVE-2017-1000134

HIGH

CVSS:8.1(High)

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group memb...

CWE-7322017

CVE-2020-13386

Vulnerability Description

Related Vulnerabilities

CVE-2021-32101

CVE-2023-28960

CVE-2023-34154

CVE-2024-1724

CVE-2024-37574

CVE-2017-1000134