Vulnerability CVE-2020-13533


Published: 2021-04-09

Description:
A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ??backdoor?? the installation files and escalate privileges when a new user logs in and uses the application.

Type:

CWE-276

(Incorrect Default Permissions)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Dreamreport -> Dream report 

 References:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1146

Copyright 2022, cxsecurity.com

 

Back to Top