Security Vulnerabilities - CVEs Published In January 2020
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation through the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) over a .NET named pipe. If the service responds that the user is permitted to use the elevation feature, the client reinitiates communication with the service and requests elevation. The service performs no local check on this elevation request; the only check is the client-side validation in the AdminByRequest.exe interface, so the service exposes a privileged operation with no access control of its own. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions.
CVSS Score: 9.0 | EPSS Score: 0.001 | Published: 2020-01-23
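The flaw class in the entry above, as an added Python illustration (not Admin By Request code, and not its pipe protocol, which this page does not describe): a broker whose policy check lives only in the "query" message while the privileged "elevate" message trusts the caller, next to one that re-derives the caller's identity from the connection and re-checks policy at every privileged entry point. The `Connection`, `Request`, broker classes, user names and token format are invented for the example.

```python
"""Toy elevation broker: client-side-only vs service-side authorization.

Added example, not the vendor's code. The message shape, the policy
lookup and the Connection object are hypothetical stand-ins for the real
named-pipe protocol, which this page does not describe.
"""
from dataclasses import dataclass


@dataclass
class Connection:
    """What a privileged service can trust about its caller.

    peer_user is the identity the transport itself establishes (a Windows
    pipe server learns it by impersonating the client); anything inside
    the message body is attacker-controlled.
    """
    peer_user: str


@dataclass
class Request:
    op: str            # "query" or "elevate"
    claimed_user: str  # user name the client wrote into the message


class VulnerableBroker:
    """The pattern described above: policy is enforced in 'query' only,
    and 'elevate' assumes the GUI asked first and was told yes."""

    def __init__(self, allowed_users):
        self.allowed_users = set(allowed_users)

    def handle(self, conn, req):
        if req.op == "query":
            return {"permitted": req.claimed_user in self.allowed_users}
        if req.op == "elevate":
            # No policy check here. A client that speaks the protocol
            # directly skips 'query' and lands in this branch.
            return {"elevated": True, "token": f"admin:{req.claimed_user}"}
        return {"error": "unknown op"}


class HardenedBroker(VulnerableBroker):
    """Identity comes from the connection, policy is evaluated on every
    privileged entry point, and the client's self-description is ignored."""

    def handle(self, conn, req):
        user = conn.peer_user  # never req.claimed_user
        permitted = user in self.allowed_users
        if req.op == "query":
            return {"permitted": permitted}
        if req.op == "elevate":
            if not permitted:
                return {"elevated": False, "error": "policy denies elevation"}
            return {"elevated": True, "token": f"admin:{user}"}
        return {"error": "unknown op"}


def rogue_client(broker, real_user):
    """A user bypassing the GUI: connect as themselves, never send 'query',
    send 'elevate' directly, and lie about who they are in the message."""
    conn = Connection(peer_user=real_user)
    return broker.handle(conn, Request(op="elevate", claimed_user="DOMAIN\\helpdesk"))


def well_behaved_client(broker, real_user):
    """The intended GUI flow: ask first, elevate only after a 'yes'."""
    conn = Connection(peer_user=real_user)
    if not broker.handle(conn, Request("query", real_user))["permitted"]:
        return {"elevated": False, "error": "client declined to ask"}
    return broker.handle(conn, Request("elevate", real_user))


if __name__ == "__main__":
    policy = ["DOMAIN\\helpdesk"]  # constructed group policy
    print("vulnerable, rogue intern:", rogue_client(VulnerableBroker(policy), "DOMAIN\\intern"))
    print("hardened,   rogue intern:", rogue_client(HardenedBroker(policy), "DOMAIN\\intern"))
    print("hardened,   helpdesk    :", well_behaved_client(HardenedBroker(policy), "DOMAIN\\helpdesk"))
```

The two fixes are independent and both are needed: checking policy inside `elevate` closes the "skip the question" path, and taking the user from the connection rather than the message closes the "answer the question as someone else" path.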
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2020-01-23
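Why the PIN scheme in the entry above fails, as an added Python example (not the vendor's algorithm, which this page does not disclose): a toy response derived only from the customer ID, the device name and the on-screen challenge, all readable by any local user, next to a response keyed by a secret that only the approving party holds, with the verifier-side checks (random single-use challenge, constant-time comparison) that belong with it. The derivation in `weak_response`, the 8-hex-digit PIN length and the sample identifiers are invented.

```python
"""Challenge-response PIN: derivable from public data vs keyed.

Added example, not the vendor's scheme. weak_response is a hypothetical
recipe standing in for any derivation whose inputs every local user can
read; keyed_response shows what the response must depend on instead.
"""
import hashlib
import hmac
import secrets


def weak_response(customer_id, device_name, challenge):
    """Toy PIN from identifiers any local user can read (assumed recipe).
    Whoever knows the recipe mints valid PINs: no secret is involved."""
    data = f"{customer_id}|{device_name}|{challenge}".encode()
    return hashlib.sha256(data).hexdigest()[:8]


def keyed_response(approver_key, device_name, challenge):
    """PIN bound to a key only the approving party holds. Knowing the
    customer ID, device name and challenge is not enough to compute it."""
    msg = f"{device_name}|{challenge}".encode()
    return hmac.new(approver_key, msg, hashlib.sha256).hexdigest()[:8]


class PinVerifier:
    """Local verifier: issues challenges and checks the PIN typed back."""

    def __init__(self, scheme, customer_id, device_name, approver_key=b""):
        self.scheme = scheme  # "weak" or "keyed"
        self.customer_id = customer_id
        self.device_name = device_name
        self.approver_key = approver_key
        self._outstanding = set()

    def new_challenge(self):
        # Unpredictable and single-use, so a PIN observed once cannot be replayed
        challenge = secrets.token_hex(4)
        self._outstanding.add(challenge)
        return challenge

    def check(self, challenge, pin):
        if challenge not in self._outstanding:
            return False  # unknown or already consumed
        self._outstanding.discard(challenge)
        if self.scheme == "weak":
            expected = weak_response(self.customer_id, self.device_name, challenge)
        else:
            expected = keyed_response(self.approver_key, self.device_name, challenge)
        return hmac.compare_digest(expected, pin)  # constant-time compare


def local_user_forges_pin(customer_id, device_name, challenge):
    """What any unprivileged user can do: read the public identifiers, note
    the challenge on screen, and run the same derivation."""
    return weak_response(customer_id, device_name, challenge)


def demo():
    """Constructed scenario; returns whether each attempt was accepted."""
    customer_id, device = "12345", "WS-ACCOUNTING-07"  # constructed, readable by all
    approver_key = secrets.token_bytes(32)             # held only by the approver

    weak = PinVerifier("weak", customer_id, device)
    c = weak.new_challenge()
    weak_forged = weak.check(c, local_user_forges_pin(customer_id, device, c))

    keyed = PinVerifier("keyed", customer_id, device, approver_key)
    c = keyed.new_challenge()
    keyed_forged = keyed.check(c, local_user_forges_pin(customer_id, device, c))
    c = keyed.new_challenge()
    legit_pin = keyed_response(approver_key, device, c)  # computed by the approver
    keyed_legit = keyed.check(c, legit_pin)
    keyed_replay = keyed.check(c, legit_pin)              # same challenge again

    return {"weak_forged_accepted": weak_forged,
            "keyed_forged_accepted": keyed_forged,
            "keyed_legit_accepted": keyed_legit,
            "keyed_replay_accepted": keyed_replay}


if __name__ == "__main__":
    print(demo())
```

The keyed form only helps if `approver_key` never reaches the endpoint: if the client machine stores it where the user can read it, the scheme collapses back to the weak one. In practice the response is computed by a remote approver (helpdesk service) and the endpoint holds only what it needs to verify.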
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.
CVSS Score: 6.2 | EPSS Score: 0.001 | Published: 2020-01-23
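The hazard described above (a root process operating inside a directory a less privileged user owns), as an added Python example that is not apt-cacher-ng code: a naive path-based write that follows a symlink the user planted, next to a guarded write that pins the directory to a descriptor, verifies its owner and mode with `fstat`, and opens entries relative to it with `O_NOFOLLOW`. The spool directory, the `report` entry and the victim file are constructed in a temporary directory; the scenario runs entirely as the current user, so the "root" role is only modelled.

```python
"""Privileged writes into a directory another user controls: naive vs guarded.

Added example, not apt-cacher-ng code. All paths are constructed inside a
temporary directory; the user who owns the spool directory plants a symlink
so that a privileged writer clobbers a file elsewhere.
"""
import errno
import os
import stat
import tempfile


def naive_write(directory, name, data):
    """Path-based open under a user-controlled directory. If 'name' is a
    symlink the user planted, a root process truncates and overwrites
    whatever the link points at."""
    with open(os.path.join(directory, name), "wb") as f:
        f.write(data)


def guarded_write(directory, name, data, expected_owner):
    """Pin the directory to a descriptor, check who owns it and that nobody
    else can write to it, then open the entry relative to that descriptor
    with O_NOFOLLOW so a planted symlink fails with ELOOP instead of being
    followed."""
    if os.sep in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    dfd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        st = os.fstat(dfd)  # fstat on the descriptor: no race with the path
        if st.st_uid != expected_owner:
            raise PermissionError(
                f"{directory} owned by uid {st.st_uid}, expected {expected_owner}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError(f"{directory} is group- or world-writable")
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=dfd)
    finally:
        os.close(dfd)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario; returns what each approach did."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        victim = os.path.join(root, "victim.conf")  # file the user must not alter
        with open(victim, "wb") as f:
            f.write(b"original\n")
        spool = os.path.join(root, "spool")         # the user's own working dir
        os.mkdir(spool, 0o700)
        os.symlink(victim, os.path.join(spool, "report"))  # planted by the user

        naive_write(spool, "report", b"attacker controlled\n")
        with open(victim, "rb") as f:
            results["victim_after_naive"] = f.read()

        try:
            guarded_write(spool, "report", b"attacker controlled\n", os.getuid())
            results["guarded_symlink"] = "followed"
        except OSError as e:
            results["guarded_symlink"] = errno.errorcode.get(e.errno, "refused")

        try:
            guarded_write(spool, "plain.txt", b"ok\n", os.getuid() + 1)
            results["guarded_wrong_owner"] = "accepted"
        except PermissionError:
            results["guarded_wrong_owner"] = "refused"

        guarded_write(spool, "plain.txt", b"ok\n", os.getuid())
        with open(os.path.join(spool, "plain.txt"), "rb") as f:
            results["guarded_plain"] = f.read()
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The ownership check is the part that maps onto the entry above: a root service would call `guarded_write(..., expected_owner=0)` and refuse to operate in a directory owned by the service user at all. Even with these checks, a user who owns the directory can still replace regular files between two operations, so the durable fix is for the privileged process not to work inside a user-owned directory (create it root-owned, or drop privileges before touching it).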
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.
CVSS Score: 9.8 | EPSS Score: 0.233 | Published: 2020-01-23
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.
CVSS Score: 9.8 | EPSS Score: 0.043 | Published: 2020-01-23
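Detection logic for both emfd entries above (the `get-platform-depends` and `import-category` commands), as an added Python example that is not Ruckus code or a vendor rule. The page supplies the endpoint (`admin/_cmdstat.jsp`), the two `xcmd` values and the injected attribute (`uploadFile`); the XML-attribute body shape, the form-encoded fallback, the shell-metacharacter list and the sample captures are assumptions made for this illustration.

```python
"""Flag POST bodies to admin/_cmdstat.jsp that reach the two injectable xcmds.

Added detection example, not Ruckus code. Endpoint, xcmd values and the
uploadFile attribute come from the entries above; the body encodings and
the SAMPLE_REQUESTS are constructed for the example.
"""
import re
from urllib.parse import parse_qs

TARGET_PATH = "/admin/_cmdstat.jsp"
VULN_XCMDS = {"get-platform-depends", "import-category"}
# Characters that let a value spliced into a shell command break out of it
SHELL_META = re.compile(r"[;&|`\n]|\$\(")
# name="value" or name='value' pairs (assumed XML-attribute body shape)
ATTR = re.compile(r"""([A-Za-z_][\w-]*)\s*=\s*(?:"([^"]*)"|'([^']*)')""")


def extract_params(body):
    """Collect name/value pairs from an XML-attribute body, or from a
    form-encoded body when the body is not XML (both encodings assumed)."""
    params = {}
    for name, dq, sq in ATTR.findall(body):
        params[name] = dq or sq
    if not body.lstrip().startswith("<"):
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, values[0])
    return params


def classify(req):
    """Return None for a request that does not matter, otherwise a finding."""
    if req["method"] != "POST" or not req["path"].endswith(TARGET_PATH):
        return None
    params = extract_params(req["body"])
    xcmd = params.get("xcmd")
    if xcmd not in VULN_XCMDS:
        return None
    upload = params.get("uploadFile", "")
    finding = {"src": req["src"], "xcmd": xcmd, "uploadFile": upload}
    if SHELL_META.search(upload):
        finding.update(severity="high", reason="shell metacharacters in uploadFile")
    else:
        finding.update(severity="low", reason="injectable xcmd invoked; review uploadFile")
    return finding


def scan(requests):
    """Run classify over captured requests and return the findings in order."""
    return [f for f in (classify(r) for r in requests) if f is not None]


# Constructed captures, not real traffic. A body-less access log cannot
# drive this rule; the source must carry POST bodies (proxy or WAF capture).
SAMPLE_REQUESTS = [
    {"src": "10.0.0.5", "method": "POST", "path": "/admin/_cmdstat.jsp",
     "body": "<ajax-request action='docmd' xcmd='get-platform-depends' uploadFile='fw.bin'/>"},
    {"src": "203.0.113.9", "method": "POST", "path": "/admin/_cmdstat.jsp",
     "body": "<ajax-request action='docmd' xcmd='get-platform-depends' uploadFile='fw.bin;id'/>"},
    {"src": "203.0.113.9", "method": "POST", "path": "/admin/_cmdstat.jsp",
     "body": "xcmd=import-category&uploadFile=fw.bin%60id%60"},
    {"src": "10.0.0.5", "method": "GET", "path": "/admin/login.jsp", "body": ""},
    {"src": "10.0.0.5", "method": "POST", "path": "/admin/_cmdstat.jsp",
     "body": "<ajax-request action='getstat' comp='system' xcmd='get-stats'/>"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

The rule keys on the command name rather than on the payload so that a benign-looking `uploadFile` still produces a low-severity record; the metacharacter check only raises severity. Because the parameters travel in the POST body, web-server access logs alone will not surface these requests.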
Corel WordPerfect Office X6 16.0.0.388 has a DoS vulnerability via untrusted pointer dereference.
CVSS Score: 5.5 | EPSS Score: 0.007 | Published: 2020-01-23
Toshiba ConfigFree 8.0.38 has a CF7 file remote command execution vulnerability.
CVSS Score: 8.8 | EPSS Score: 0.057 | Published: 2020-01-23
BabyGekko before 1.2.4 has SQL injection.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2020-01-23
BabyGekko before 1.2.4 allows PHP file inclusion.
CVSS Score: 9.8 | EPSS Score: 0.078 | Published: 2020-01-23
HT Editor 2.0.20 has a remote stack buffer overflow vulnerability.
CVSS Score: 9.8 | EPSS Score: 0.011 | Published: 2020-01-23
Shodan ® - All rights reserved