CVE-2020-36916

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/190627
https://packetstorm.news/files/id/159723
https://pro.sony/en_NL/products/display-software/tdm-ds1y-tdm-ds3y
https://www.exploit-db.com/exploits/48953
https://www.tdmsignage.com
https://www.vulncheck.com/advisories/tdm-digital-signage-pc-player-privilege-escalation-via-insecure-permissions
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5604.php
https://www.exploit-db.com/exploits/48953