How severe is CVE-2020-3427?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2020-3427?

This is classified as CWE-280, which is a common weakness in software security.

CVE-2020-3427 - HIGH Severity | CVSS 7.8

Vulnerability Description

The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. Note that this can only exploitable during new installations while the installer is running and is not exploitable once installation is finished. Versions 4.1.2 of Windows Logon addresses this issue.

Related Vulnerabilities

CVE-2019-17437

HIGH

CVSS:7.8(High)

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PA...

CWE-2802019

CVE-2021-37851

HIGH

CVSS:7.8(High)

Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue aff...

CWE-2802021

CVE-2022-22292

HIGH

CVSS:7.8(High)

Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.

CWE-2802022

CVE-2023-21421

HIGH

CVSS:7.8(High)

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.

CWE-2802023

CVE-2023-2480

HIGH

CVSS:7.8(High)

Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications

CWE-2802023

CVE-2023-25543

HIGH

CVSS:7.8(High)

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to ele...

CWE-2802023