CVE-2020-14418
Description
A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.
Related CPE's
References
ProductThird Party Advisory
ExploitThird Party Advisory
CvssV3 impact
BaseSeverity | HIGH |
ConfidentialityImpact | HIGH |
AttackComplexity | HIGH |
Scope | UNCHANGED |
AttackVector | LOCAL |
AvailabilityImpact | HIGH |
IntegrityImpact | HIGH |
PrivilegesRequired | LOW |
BaseScore | 7 |
VectorString | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Version | 3.1 |
UserInteraction | NONE |
CvssV2 impact
AccessComplexity | MEDIUM |
ConfidentialityImpact | COMPLETE |
AvailabilityImpact | COMPLETE |
IntegrityImpact | COMPLETE |
BaseScore | 6.900000095367432 |
VectorString | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Version | 2.0 |
AccessVector | LOCAL |
Authentication | NONE |