osquery susceptible to DLL search order hijacking of zlib1.dll
CVE-2020-11081

5.3MEDIUM

Key Information:

Vendor

Osquery

Status
Vendor
CVE Published:
10 July 2020

What is CVE-2020-11081?

osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0.

Affected Version(s)

osquery < 4.4.0

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.