CVE-2020-25502

Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
cybereasonendpoint_detection_and_response
𝑥
< 19.1.282
cybereasonendpoint_detection_and_response
19.2.0 ≤
𝑥
< 19.2.182
cybereasonendpoint_detection_and_response
20.1.0 ≤
𝑥
< 20.1.343
cybereasonendpoint_detection_and_response
20.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://cybereason.com
http://endpoint.com
https://www.cybereason.com/cybereason-vulnerability-disclosure
http://cybereason.com
http://endpoint.com
https://www.cybereason.com/cybereason-vulnerability-disclosure