← Volver a CVEs

CVE-2020-11613

HIGH

7.8

Descripcion

Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.

Detalles CVE

Puntuacion CVSS v3.17.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado6/11/2020

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

mids\'_reborn_hero_designer_project:mids\'_reborn_hero_designer

Debilidades (CWE)

CWE-427CWE-732

Referencias

https://github.com/Crytilis/mids-reborn-hero-designer/releases(cve@mitre.org)

https://www.doyler.net/security-not-included/mids-reborn-vulnerabilities(cve@mitre.org)

https://github.com/Crytilis/mids-reborn-hero-designer/releases(af854a3a-2127-422b-91ae-364da2661108)

https://www.doyler.net/security-not-included/mids-reborn-vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.