IDrive up to 6.7.3 on Windows Folder Permission IDriveWindows default permission
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.5 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in IDrive up to 6.7.3 on Windows. Impacted is an unknown function of the file %PROGRAMFILES(X86)%\IDriveWindows of the component Folder Permission. This manipulation causes default permission. This vulnerability is tracked as CVE-2020-15351. The attack is restricted to local execution. No exploit exists. You should upgrade the affected component.
Details
A vulnerability was found in IDrive up to 6.7.3 on Windows. It has been declared as critical. Affected by this vulnerability is some unknown functionality of the file %PROGRAMFILES(X86)%\IDriveWindows of the component Folder Permission. The manipulation with an unknown input leads to a default permission vulnerability. The CWE definition for the vulnerability is CWE-276. During installation, installed file permissions are set to allow anyone to modify those files. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one.
The weakness was disclosed 06/26/2020. This vulnerability is known as CVE-2020-15351 since 06/26/2020. Attacking locally is a requirement. A single authentication is required for exploitation. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1222 according to MITRE ATT&CK.
Upgrading to version 6.7.3.19 eliminates this vulnerability.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.8VulDB Meta Temp Score: 7.6
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Default permissionCWE: CWE-276 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: IDrive 6.7.3.19
Timeline
06/26/2020 🔍06/26/2020 🔍
06/27/2020 🔍
06/27/2020 🔍
Sources
Status: Not definedCVE: CVE-2020-15351 (🔍)
GCVE (CVE): GCVE-0-2020-15351
GCVE (VulDB): GCVE-100-157327
Entry
Created: 06/27/2020 08:26Updated: 06/27/2020 08:31
Changes: 06/27/2020 08:26 (38), 06/27/2020 08:31 (17)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.