Privilege Escalation in Verint Desktop Resources Installation
CVE-2020-12744

7.8HIGH

Key Information:

Vendor: Verint
Status: Desktop And Process Analytics
Vendor: CVE Published:; 20 October 2022

What is CVE-2020-12744?

The MSI installer of Verint Desktop Resources version 15.2 contains a vulnerability that permits an unprivileged local user to gain elevated privileges during the installation or repair process. This means that without appropriate rights, an attacker could exploit this loophole to execute arbitrary code with higher permissions, potentially compromising system integrity and confidentiality.

References

https://github.com/bwiltse/verint

https://github.com/bwiltse/cve/blob/master/Verint/Verint-...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2022
Vulnerability Reserved
May 8, 2020

CVE-2020-12744 Data

JSON