Vulnerability-Lookup

CNVD-2021-14404

Vulnerability from cnvd - Published: 2021-03-04

Title

Sytech XL Reporter权限提升漏洞

Description

Sytech XL Reporter是美国Sytech公司的一个应用软件。提供Excel的所有强大功能如图表，格式和公式,以及XLReporter的行业特定功能生成出色的报告。 Sytech XL Reporter v14.0.1版本中存在本地权限提升漏洞。根据选择的向量，攻击者可以覆盖服务可执行文件，并以用户设置的权限执行任意代码，以运行服务或替换安装文件夹中的其他文件，从而允许本地权限提升。

Severity

高

Patch Name

Sytech XL Reporter权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页：https://www.sytech.com/product-xlreporter-overview.asp

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167

Impacted products

Name
Sytech XL Reporter v14.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-13549",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-13549"
    }
  },
  "description": "Sytech XL Reporter\u662f\u7f8e\u56fdSytech\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u63d0\u4f9bExcel\u7684\u6240\u6709\u5f3a\u5927\u529f\u80fd\u5982\u56fe\u8868\uff0c\u683c\u5f0f\u548c\u516c\u5f0f,\u4ee5\u53caXLReporter\u7684\u884c\u4e1a\u7279\u5b9a\u529f\u80fd\u751f\u6210\u51fa\u8272\u7684\u62a5\u544a\u3002\n\nSytech XL Reporter v14.0.1\u7248\u672c\u4e2d\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u6839\u636e\u9009\u62e9\u7684\u5411\u91cf\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u8986\u76d6\u670d\u52a1\u53ef\u6267\u884c\u6587\u4ef6\uff0c\u5e76\u4ee5\u7528\u6237\u8bbe\u7f6e\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u4ee5\u8fd0\u884c\u670d\u52a1\u6216\u66ff\u6362\u5b89\u88c5\u6587\u4ef6\u5939\u4e2d\u7684\u5176\u4ed6\u6587\u4ef6\uff0c\u4ece\u800c\u5141\u8bb8\u672c\u5730\u6743\u9650\u63d0\u5347\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1ahttps://www.sytech.com/product-xlreporter-overview.asp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-14404",
  "openTime": "2021-03-04",
  "patchDescription": "Sytech XL Reporter\u662f\u7f8e\u56fdSytech\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u63d0\u4f9bExcel\u7684\u6240\u6709\u5f3a\u5927\u529f\u80fd\u5982\u56fe\u8868\uff0c\u683c\u5f0f\u548c\u516c\u5f0f,\u4ee5\u53caXLReporter\u7684\u884c\u4e1a\u7279\u5b9a\u529f\u80fd\u751f\u6210\u51fa\u8272\u7684\u62a5\u544a\u3002\r\n\r\nSytech XL Reporter v14.0.1\u7248\u672c\u4e2d\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u6839\u636e\u9009\u62e9\u7684\u5411\u91cf\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u8986\u76d6\u670d\u52a1\u53ef\u6267\u884c\u6587\u4ef6\uff0c\u5e76\u4ee5\u7528\u6237\u8bbe\u7f6e\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u4ee5\u8fd0\u884c\u670d\u52a1\u6216\u66ff\u6362\u5b89\u88c5\u6587\u4ef6\u5939\u4e2d\u7684\u5176\u4ed6\u6587\u4ef6\uff0c\u4ece\u800c\u5141\u8bb8\u672c\u5730\u6743\u9650\u63d0\u5347\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sytech XL Reporter\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Sytech XL Reporter v14.0.1"
  },
  "referenceLink": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167",
  "serverity": "\u9ad8",
  "submitTime": "2021-03-03",
  "title": "Sytech XL Reporter\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2020-13549 (GCVE-0-2020-13549)

Vulnerability from cvelistv5 – Published: 2021-02-19 16:54 – Updated: 2024-08-04 12:18

Summary

An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.

Severity

8.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-276 - Incorrect Default Permissions

Assigner

talos

References

1 reference

URL	Tags
https://talosintelligence.com/vulnerability_repor…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Sytech	Affected: Sytech XL Reporter v14.0.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:18:18.310Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sytech",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Sytech XL Reporter v14.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-19T16:54:44.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2020-13549",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Sytech",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Sytech XL Reporter v14.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.8,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276: Incorrect Default Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2020-13549",
    "datePublished": "2021-02-19T16:54:44.000Z",
    "dateReserved": "2020-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:18:18.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-14404

CVE-2020-13549 (GCVE-0-2020-13549)

Tags

Sightings

Nomenclature