Privilege Escalation in Splashtop Software Updater by Splashtop
CVE-2020-12431

6.6MEDIUM

Key Information:

Vendor: Splashtop
Status: Software Updater
Vendor: CVE Published:; 21 May 2020

What is CVE-2020-12431?

A local privilege escalation vulnerability has been identified in Splashtop Software Updater prior to version 1.5.6.16. The issue arises from insecure permissions applied to configuration files and named pipes that allow an attacker to manipulate permissions on Splashtop files and directories. This can result in unauthorized escalation of user privileges to NT AUTHORITY/SYSTEM, enabling the possibility for DLL hijacking. This vulnerability also affects associated products such as Splashtop Streamer and Splashtop Business prior to version 3.3.8.0.

References

https://support-splashtopbusiness.splashtop.com/hc/en-us/...

x_refsource_MISC

https://improsec.com/tech-blog/privilege-escalation-vulne...

x_refsource_MISC

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 21, 2020
Vulnerability Reserved
Apr 28, 2020