CVE-2020-1985 Secdo: Incorrect Default Permissions
Attack Vector LOCAL
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH
Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows.
|Secdo||all versions on Windows|
CVSSv3.1 Base Score:7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CWE-276 Incorrect Default Permissions
This product is no longer supported and the issue will not be fixed. Change permission on C:\Programdata\Secdo\Logs folder to not allow unprivileged users access.
Workarounds and Mitigations
Change permission on C:\Programdata\Secdo\Logs to not allow unprivileged users access.
We like to thank Eviatar Gerzi of CyberArk Labs Team for discovering and reporting this issue.