← voltar
CVE-2020-37160

SprintWork 2.3.1 - Local Privilege Escalation

CVSS 8.5 HIGHEPSS 0.1%CWE-276
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Veridium · SprintWork

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://veridium.nethttps://veridium.net/sprintwork/https://www.exploit-db.com/exploits/48070https://www.vulncheck.com/advisories/sprintwork-local-privilege-escalation