CVE-2020-1984

HIGH Year: 2020
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-73
View all →

Vulnerability Description

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.

Related Vulnerabilities

CVE-2020-15264

HIGH
CVSS:7.8(High)

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged user...

CWE-732020

CVE-2021-22539

HIGH
CVSS:7.8(High)

An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As ...

CWE-732021

CVE-2022-34669

HIGH
CVSS:7.8(High)

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the appl...

CWE-732022

CVE-2023-5247

HIGH
CVSS:7.8(High)

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious ...

CWE-732023