Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-15261

Good to know:

icon

Date: October 19, 2020

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.

Language: C++

Severity Score

Related Resources (8)

https://www.exploit-db.com/exploits/49925
https://nvd.nist.gov/vuln/detail/CVE-2020-15261
https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
https://github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1
http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html
https://github.com/veyon/veyon/issues/657
https://www.exploit-db.com/exploits/48246
https://www.mend.io/vulnerability-database/CVE-2020-15261

Severity Score

Weakness Type (CWE)

Unquoted Search Path or Element

CWE-428

Top Fix

icon

Upgrade Version

Upgrade to version 4.4.2

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH
Additional information:

Do you need more information?

Contact Us