CVE-2020-24307

EUVD-2020-17041
An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
mremotengmremoteng
1.76.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/NyaMeeEain/Infrastructure-Assessment/blob/master/Privilege%20Escalation/Common%20Windows%20Privilege%20Escalation.md
https://github.com/mRemoteNG/mRemoteNG/issues/2338
https://packetstormsecurity.com/files/170794/mRemoteNG-1.76.20-Privilege-Escalation.html
https://github.com/NyaMeeEain/Infrastructure-Assessment/blob/master/Privilege%20Escalation/Common%20Windows%20Privilege%20Escalation.md
https://github.com/mRemoteNG/mRemoteNG/issues/2338
https://packetstormsecurity.com/files/170794/mRemoteNG-1.76.20-Privilege-Escalation.html