How severe is CVE-2020-15261?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2020-15261?

This is classified as CWE-428, which is a common weakness in software security.

CVE-2020-15261

MEDIUM Year: 2020

CVSS v3 Score

6.7

Medium

CVSS v2 Score

7.2

High

Weakness Type

CWE-428

View all →

Vulnerability Description

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.

CVE-2017-14019

MEDIUM

CVSS:6.7(Medium)

An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authoriz...

CWE-4282017

CVE-2017-5873

MEDIUM

CVSS:6.7(Medium)

Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, a...

CWE-4282017

CVE-2018-14789

MEDIUM

CVSS:6.7(Medium)

In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may al...

CWE-4282018

CVE-2019-11093

MEDIUM

CVSS:6.7(Medium)

Unquoted service path in the installer for the Intel(R) SCS Discovery Utility version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local acc...

CWE-4282019

CVE-2019-6145

MEDIUM

CVSS:6.7(Medium)

Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators ca...

CWE-4282019

CVE-2019-6149

MEDIUM

CVSS:6.7(Medium)

An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with adminis...

CWE-4282019

CVE-2020-15261

Vulnerability Description

Related Vulnerabilities

CVE-2017-14019

CVE-2017-5873

CVE-2018-14789

CVE-2019-11093

CVE-2019-6145

CVE-2019-6149