CVE-2020-15264

Опубликовано: 20 окт. 2020

Источник: nvd

CVSS3: 8

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it'll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0

Ссылки

https://github.com/chocolatey/boxstarter/commit/67e320491813550b48900e87105a34ceefdcf633
Patch
Third Party Advisory
https://github.com/chocolatey/boxstarter/security/advisories/GHSA-rpgx-h675-r3jf
Third Party Advisory
https://www.kb.cert.org/vuls/id/208577
Third Party Advisory
https://github.com/chocolatey/boxstarter/commit/67e320491813550b48900e87105a34ceefdcf633
Patch
Third Party Advisory
https://github.com/chocolatey/boxstarter/security/advisories/GHSA-rpgx-h675-r3jf
Third Party Advisory
https://www.kb.cert.org/vuls/id/208577
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:chocolatey:boxstarter:*:*:*:*:*:*:*:*

Версия до 2.13.0 (исключая)

EPSS

Процентиль: 50%

0.00271

Низкий

8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-73

EPSS

Процентиль: 50%

0.00271

Низкий

8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-73