← back
CVE-2020-5752

CVE-2020-5752

EPSS 8.6%
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
Affected products
n/a · Druva inSync Windows Client
public PoCs found6
githubgithub.com/yevh/CVE-2020-5752-Druva-inSync-Windows-Client-6.6.3---Local-Privilege-Escalation-PowerShell-4githubgithub.com/x0rbeexd/CVE-2020-57521cve_referencepacketstormsecurity.com/files/157802/Druva-inSync-Windows-Client-6.6.3-Local-Privilege-Escalation.htmlunverifiedcve_referencepacketstormsecurity.com/files/160404/Druva-inSync-Windows-Client-6.6.3-Privilege-Escalation.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48505unverifiedexploitdbwww.exploit-db.com/exploits/49211unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/157802/Druva-inSync-Windows-Client-6.6.3-Local-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/160404/Druva-inSync-Windows-Client-6.6.3-Privilege-Escalation.htmlhttps://www.tenable.com/security/research/tra-2020-34