Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-15261

Date: October 19, 2020

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.

Language: C++

Severity Score

Related Resources (8)

https://www.exploit-db.com/exploits/49925
https://nvd.nist.gov/vuln/detail/CVE-2020-15261
https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
https://github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1
http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html
https://github.com/veyon/veyon/issues/657
https://www.exploit-db.com/exploits/48246
https://www.mend.io/vulnerability-database/CVE-2020-15261

Severity Score

Weakness Type (CWE)

Unquoted Search Path or Element

CWE-428

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us