Automate
CVE-2020-15838
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
AnalysisAI
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions. Affected products include: Connectwise Automate. Version information: before 2020.8.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain acc
An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132. Rated critical severity (CVSS 9.8), this vulner
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication
Code integrity failure in ConnectWise Automate Agent versions prior to 2026.5 allows adjacent network attackers to subst
Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec
Unencrypted client-server communications in ConnectWise Automate Solution Center expose sensitive data to network interc
Connectwise Automate 2022.11 is vulnerable to Clickjacking. Rated medium severity (CVSS 6.1), this vulnerability is remo
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Rated medium severity (CVSS 5.9), this vulnerabi
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain acc
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today