CVE-2020-9331

EUVD-2020-30152
CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
cryptoprocsp
𝑥
< 5.0.0.10004
𝑥
= Vulnerable software versions
References
https://www.youtube.com/watch?v=b5vPDmMtzwQ
https://www.youtube.com/watch?v=b5vPDmMtzwQ