CVE-2020-26131
Last modified
CVE-2020-26131 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.
Description
Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Open Dhcp Server Project | Open Dhcp Server | 0.1 | Beta |
| Open Dhcp Server Project | Open Dhcp Server | 1.75 | — |
References
- https://github.com/an0ry/advisoriesExploit, Third Party Advisory
- https://github.com/an0ry/advisoriesExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-26131?
How severe is CVE-2020-26131?
How do I fix CVE-2020-26131?
Are you affected by CVE-2020-26131?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST