CVE-2020-1986

Secdo: Local authenticated users can cause Windows system crash

CVSS 5.5 MEDIUMEPSS 0.3%CWE-20

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

08 Apr 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions Secdo for Windows.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Secdo · Secdo

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.paloaltonetworks.com/CVE-2020-1986