← back
CVE-2020-37160

SprintWork 2.3.1 - Local Privilege Escalation

CVSS 8.5 HIGHEPSS 0.1%CWE-276
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Veridium · SprintWork

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://veridium.nethttps://veridium.net/sprintwork/https://www.exploit-db.com/exploits/48070https://www.vulncheck.com/advisories/sprintwork-local-privilege-escalation