Vulnerability Details CVE-2020-12798
Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- http://packetstormsecurity.com/files/157715/Cellebrite-UFED-7.5.0.845-Desktop-Escape-Privilege-Escalation.html
- https://github.com/thatguylevel
- https://korelogic.com/Resources/Advisories/KL-001-2020-002.txt
- https://korelogic.com/advisories.html
- https://twitter.com/thatguylevel
- http://packetstormsecurity.com/files/157715/Cellebrite-UFED-7.5.0.845-Desktop-Escape-Privilege-Escalation.html
- https://github.com/thatguylevel
- https://korelogic.com/Resources/Advisories/KL-001-2020-002.txt
- https://korelogic.com/advisories.html
- https://twitter.com/thatguylevel
Products affected by CVE-2020-12798
-
cpe:2.3:h:sun-denshi:universal_forensic_extraction_device_ruggedized_panasonic_laptop:-
-
cpe:2.3:h:sun-denshi:universal_forensic_extraction_device_touch_2:-
-
cpe:2.3:h:sun-denshi:universal_forensic_extraction_device_touch_2_ruggedized:-
-
cpe:2.3:o:sun-denshi:universal_forensic_extraction_device_firmware:5.0
-
cpe:2.3:o:sun-denshi:universal_forensic_extraction_device_firmware:7.5.0.845