Published: 25/02/2020 Updated: 29/04/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated malicious user to execute arbitrary operating system commands with SYSTEM privileges.

Vulnerability Trend

Affected Products

Vendor Product Versions
DruvaInsync Client6.5.0

Mailing Lists

Druva inSync Windows Client version 652 suffers from a local privilege escalation vulnerability ...