CVE-2020-15264
Last modified
CVE-2020-15264 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. EPSS estimates a 1.49% chance of exploitation in the next 30 days.
Description
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it'll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Chocolatey | Boxstarter | < 2.13.0 |
References
- https://github.com/chocolatey/boxstarter/commit/67e320491813550b48900e87105a34ceefdcf633Patch, Third Party Advisory
- https://github.com/chocolatey/boxstarter/security/advisories/GHSA-rpgx-h675-r3jfThird Party Advisory
- https://www.kb.cert.org/vuls/id/208577Third Party Advisory
- https://github.com/chocolatey/boxstarter/commit/67e320491813550b48900e87105a34ceefdcf633Patch, Third Party Advisory
- https://github.com/chocolatey/boxstarter/security/advisories/GHSA-rpgx-h675-r3jfThird Party Advisory
- https://www.kb.cert.org/vuls/id/208577Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-15264?
How severe is CVE-2020-15264?
How do I fix CVE-2020-15264?
Are you affected by CVE-2020-15264?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST