Vulnerability Details : CVE-2020-10551
QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService.
Products affected by CVE-2020-10551
- cpe:2.3:a:tencent:qqbrowser:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-10551
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 32 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-10551
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2020-10551
-
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-10551
-
https://github.com/seqred-s-a/CVE-2020-10551
GitHub - seqred-s-a/CVE-2020-10551: Privilege escalation in QQBrowserThird Party Advisory
-
https://seqred.pl/en/cve-2020-10551-privilege-escalation-in-qqbrowser/
CVE-2020-10551 – privilege escalation in QQBrowser | SEQREDThird Party Advisory
Jump to