Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2020-7352 | First vendor Publication | 2020-08-06 |
Vendor | Cve | Last vendor Modification | 2022-08-05 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 8.8 | ||
Base Score | 8.8 | Environmental Score | 8.8 |
impact SubScore | 6 | Temporal Score | 8.8 |
Exploitabality Sub Score | 2 | ||
Attack Vector | Local | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Changed | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7352 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-798 | Use of Hard-coded Credentials (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
Metasploit Database
id | Description |
---|---|
2020-04-28 | GOG GalaxyClientService Privilege Escalation |
Sources (Detail)
Source | Url |
---|---|
MISC | https://github.com/rapid7/metasploit-framework/pull/13444 https://www.positronsecurity.com/blog/2020-04-28-gog-galaxy-client-local-priv... |
Alert History
Date | Informations |
---|---|
2022-08-06 00:27:43 |
|
2021-05-04 13:57:37 |
|
2021-04-22 03:07:58 |
|
2020-08-11 05:22:56 |
|
2020-08-06 21:23:22 |
|