CVE-2020-11613
Last modified
CVE-2020-11613 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mids\' Reborn Hero Designer Project | Mids\' Reborn Hero Designer | 2.6.0.7 |
References
- https://github.com/Crytilis/mids-reborn-hero-designer/releasesRelease Notes, Third Party Advisory
- https://www.doyler.net/security-not-included/mids-reborn-vulnerabilitiesExploit, Third Party Advisory
- https://github.com/Crytilis/mids-reborn-hero-designer/releasesRelease Notes, Third Party Advisory
- https://www.doyler.net/security-not-included/mids-reborn-vulnerabilitiesExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-11613?
How severe is CVE-2020-11613?
How do I fix CVE-2020-11613?
Are you affected by CVE-2020-11613?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST