Published: 15/05/2020 Updated: 21/05/2020

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun-denshi universal_forensic_extraction_device_firmware

Cellebrite UFED device implements local operating system policies that can be circumvented to obtain a command prompt From there privilege escalation is possible using public exploits Versions 50 through 750845 are affected ...

Full Disclosure mailing list archives   By Date By Thread </form>    KL-001-2020-002 : Cellebrite Restricted Desktop Escape and Escalation of User Privilege  <! ...

CWE-269 http://packetstormsecurity.com/files/157715/Cellebrite-UFED-7.5.0.845-Desktop-Escape-Privilege-Escalation.html https://github.com/thatguylevel https://twitter.com/thatguylevel https://korelogic.com/Resources/Advisories/KL-001-2020-002.txt https://korelogic.com/advisories.html https://nvd.nist.gov http://seclists.org/fulldisclosure/2020/May/34

CVE-2020-12798

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect