Windows Privilege Escalation Vulnerability in Splashtop Software Updater

Windows Privilege Escalation Vulnerability in Splashtop Software Updater

CVE-2020-12431 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with resultant DLL hijacking. This product is bundled with Splashtop Streamer (before 3.3.8.0) and Splashtop Business (before 3.3.8.0).

Learn more about our Web Application Penetration Testing UK.