7.8
CVSSv3

CVE-2019-13355

Published: 24/09/2019 Updated: 24/08/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local malicious users to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

totaldefense anti-virus 9.0.0.773