Windows
CVE-2020-36929
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.
AnalysisAI
Brprint Auditor versions up to 3.0.7 contains a vulnerability that allows attackers to potentially execute arbitrary code (CVSS 7.8).
Technical ContextAI
exists in the its Windows component. Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.
RemediationAI
Monitor vendor advisories for a patch.
More from same product – last 7 days
Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to po
Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had comprom
Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-
Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain pot
Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain
Share
External POC / Exploit Code
Leaving vuln.today