Vulnerability Details : CVE-2020-27384
Potential exploit
The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full Control) for 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable.
Vulnerability category: Gain privilege
Products affected by CVE-2020-27384
- cpe:2.3:a:arena:guild_wars_2:106916:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-27384
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 13 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-27384
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2020-27384
-
During installation, installed file permissions are set to allow anyone to modify those files.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-27384
-
https://github.com/FreySolarEye/CVE/blob/master/Guild%20Wars%202%20-%20Local%20Privilege%20Escalation
CVE/Guild Wars 2 - Local Privilege Escalation at master · FreySolarEye/CVE · GitHubExploit;Third Party Advisory
Jump to