Multiple vulnerabiities in Win-911 Enterprise Platform
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-13540 CVE-2020-13539 |
| CWE-ID | CWE-276 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Win-911 Enterprise Client/Desktop applications / Other client software |
| Vendor | WIN-911 Software |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Incorrect default permissions
EUVDB-ID: #VU49255
Risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-13540
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions within "WIN-911 Account Change Utility". A local attacker can view contents of files and directories and gain elevated privileges.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsWin-911 Enterprise: 4.20.13
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1150
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Incorrect default permissions
EUVDB-ID: #VU49256
Risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-13539
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions within "WIN-911 Mobile Runtime" service. A local attacker can view contents of files and gain elevated privileges.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsWin-911 Enterprise: 4.20.13
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1150
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
