CVE-2020-13539

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Mobile Runtime service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
talosCNA
9.3 CRITICAL
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
win911win-911
4.20.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1150
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1150
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1150
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1150