exploitDog

CVE-2020-15838

Опубликовано: 09 окт. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.

Ссылки

https://dbeta.com/2020/10/05/PrivilegeEscalationInAutomateAgent
Third Party Advisory
https://www.connectwise.com/company/trust/security-bulletins
Third Party Advisory
https://dbeta.com/2020/10/05/PrivilegeEscalationInAutomateAgent
Third Party Advisory
https://www.connectwise.com/company/trust/security-bulletins
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:connectwise:automate:*:*:*:*:*:*:*:*

Версия до 2020.8 (исключая)

EPSS

Процентиль: 45%

0.00226

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-cp23-9g3v-fp46

github

больше 3 лет назад

The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.

EPSS

Процентиль: 45%

0.00226

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-732