CVE-2020-12744 : The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local

The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.

Published 2022-10-20 11:15:10

Updated 2022-10-21 18:29:28

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-12744

Verint » Desktop And Process Analytics » Version: 15.2
cpe:2.3:a:verint:desktop_and_process_analytics:15.2:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 4 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Assigned by: nvd@nist.gov (Primary)

https://github.com/bwiltse/cve/blob/master/Verint/Verint-CVE-2020-12744.txt

cve/Verint-CVE-2020-12744.txt at master · bwiltse/cve · GitHub
Third Party Advisory

Jump to