Vulnerability CVE-2020-12798


Published: 2020-05-15

Description:
Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen.

See advisories in our WLB2 database:
Topic: Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation (Med.)
Author: Matthew Bergin
Date: 17.05.2020

Type: CWE-269 (Improper Privilege Management)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 4.6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://packetstormsecurity.com/files/157715/Cellebrite-UFED-7.5.0.845-Desktop-Escape-Privilege-Escalation.html
https://github.com/thatguylevel
https://korelogic.com/advisories.html
https://korelogic.com/Resources/Advisories/KL-001-2020-002.txt
https://twitter.com/thatguylevel

Copyright 2021, cxsecurity.com

 
