Security Center
CVE-2020-25045
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.
AnalysisAI
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-427. Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system. Affected products include: Kaspersky Security Center, Kaspersky Security Center Web Console. Version information: prior to 12.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Security Center
View allSQL Injection in the Hardware Inventory report of Security Center 5.11.2. Rated high severity (CVSS 8.8), this vulnerabi
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Se
Security Center's access control implementation fails to properly restrict authenticated users to their authorized scope
An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker
A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker co
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Secu
Authenticated users of Security Center can manipulate the 'owner' parameter to gain unauthorized elevated privileges thr
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today