Main Vulnerability Database Vulnerabilities #VU26736

#VU26736 Incorrect default permissions in Secdo - CVE-2020-1985

Published: April 9, 2020

Vulnerability identifier: #VU26736

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1985

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Secdo

Software vendor:
Palo Alto Networks, Inc.

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions on "C:\Programdata\Secdo\Logs" folder. A local user can overwrite system files and gain elevated privileges on the target system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://security.paloaltonetworks.com/CVE-2020-1985

#VU26736 Incorrect default permissions in Secdo - CVE-2020-1985

Description

Remediation

External links

Please verify you're human