Local Privilege Escalation Vulnerability in Sytech XL Reporter v14.0.1

Local Privilege Escalation Vulnerability in Sytech XL Reporter v14.0.1

CVE-2020-13549 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.

Learn more about our User Device Pen Test.