How severe is CVE-2020-15843?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2020-15843?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2020-15843 - HIGH Severity | CVSS 7.3

Vulnerability Description

ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow "Full Control" to "Everyone". An authenticated local attacker can exploit this to replace the TSClientB.exe binary in the Terminal directory, which is executed on logon for every user. Alternatively, the attacker can replace any of the binaries in the Client or Install directories. The latter requires additional user interaction, for example starting the client.

Related Vulnerabilities

CVE-2019-19490

HIGH

CVSS:7.3(High)

LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.

CWE-2762019

CVE-2019-2200

HIGH

CVSS:7.3(High)

In updatePermissions of PermissionManagerService.java, it may be possible for a malicious app to obtain a custom permission from another app due to a permission bypass. This could lead to local escala...

CWE-2762019

CVE-2020-0133

HIGH

CVSS:7.3(High)

In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution pri...

CWE-2762020

CVE-2020-10049

HIGH

CVSS:7.3(High)

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to inclu...

CWE-2762020

CVE-2020-12510

HIGH

CVSS:7.3(High)

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which...

CWE-2762020

CVE-2020-17381

HIGH

CVSS:7.3(High)

An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE...

CWE-2762020