CVE-2020-15261
published 2020-10-19CVE-2020-15261: On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative…
PriorityP343medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EXPLOIT
EPSS
11.12%
95.4th percentile
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | veyon | — | — |
| veyon | veyon | < 0.11.5 | 0.11.5 |
| veyon | veyon | < 4.4.2 | 4.4.2 |
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_debian8.0LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.htmlhttps://github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1https://github.com/veyon/veyon/issues/657https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqphttps://www.exploit-db.com/exploits/48246https://www.exploit-db.com/exploits/49925http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.htmlhttps://github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1https://github.com/veyon/veyon/issues/657https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqphttps://www.exploit-db.com/exploits/48246https://www.exploit-db.com/exploits/49925
2020-10-19
Published