Published: 19/10/2020 Updated: 18/10/2022

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.

Vulnerable Product	Search on Vulmon	Subscribe to Product
veyon veyon

Veyon version 441 suffers from an unquoted service path vulnerability ...

CWE-428 https://github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1 https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp https://github.com/veyon/veyon/issues/657 http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html https://www.exploit-db.com/exploits/49925 https://www.exploit-db.com/exploits/48246 https://nvd.nist.gov https://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-15261

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect