Arbitrary Command Execution with SYSTEM Privileges in Druva inSync Windows Client 6.6.3

Arbitrary Command Execution with SYSTEM Privileges in Druva inSync Windows Client 6.6.3

CVE-2020-5752 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.

Learn more about our Web Application Penetration Testing UK.