exploitDog

CVE-2020-10655

Опубликовано: 06 янв. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.

Ссылки

https://www.proofpoint.com/us/blog
Product
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2020-0003
Vendor Advisory
https://www.proofpoint.com/us/blog
Product
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2020-0003
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:*

Версия до 7.9.1 (исключая)

EPSS

Процентиль: 91%

0.06601

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-392p-h7qw-6vx7

github

больше 3 лет назад

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.

EPSS

Процентиль: 91%

0.06601

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502