The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Because the software ships with an embedded, static RSA private key, an attacker who holds this key material and has local user permissions can send arbitrary operating system commands to the service for execution in this elevated context. The service listens for such commands on a locally bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software.
Published 2020-08-06 16:15:13
Updated 2022-08-05 19:31:37
Source Rapid7, Inc.

Exploit prediction scoring system (EPSS) score for CVE-2020-7352

EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
Percentile: ~48% (proportion of vulnerabilities scored at or below this score)

Metasploit modules for CVE-2020-7352

  • GOG GalaxyClientService Privilege Escalation
    Disclosure Date: 2020-04-28
    First seen: 2020-06-15
    exploit/windows/local/gog_galaxyclientservice_privesc
    This module will send arbitrary file_paths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges (verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also likely affected). Authors: - Joe Testa <jtesta@positronsecuri

CVSS scores for CVE-2020-7352

Base Score  Base Severity  CVSS Vector                                       Exploitability Score  Impact Score  Score Source
7.2         HIGH           AV:L/AC:L/Au:N/C:C/I:C/A:C                        3.9                   10.0          NIST
8.4         HIGH           CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N      2.0                   5.8           cve@rapid7.com
8.8         HIGH           CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H      2.0                   6.0           NIST

CWE ids for CVE-2020-7352

References for CVE-2020-7352

Products affected by CVE-2020-7352

  • GOG » Galaxy » For Windows
    Versions from 1.2.0 (inclusive) up to and including 1.2.64
    cpe:2.3:a:gog:galaxy:*:*:*:*:*:windows:*:*
  • GOG » Galaxy » For Windows
    Versions from 2.0.0 (inclusive) up to and including 2.0.12
    cpe:2.3:a:gog:galaxy:*:*:*:*:*:windows:*:*