Vulnerability Description
A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Advanced Malware Protection | < 7.2.13 |
| Madshi | Madcodehook | < 4.1.3 |
| Morphisec | Unified Threat Prevention Platform | < 3.5.9 |
Related Weaknesses (CWE)
References
- https://github.com/nettitude/metasploit-modulesProductThird Party Advisory
- https://labs.nettitude.com/blog/cve-2020-14418-madcodehook-library-local-privileExploitThird Party Advisory
- https://github.com/nettitude/metasploit-modulesProductThird Party Advisory
- https://labs.nettitude.com/blog/cve-2020-14418-madcodehook-library-local-privileExploitThird Party Advisory
FAQ
What is CVE-2020-14418?
CVE-2020-14418 is a vulnerability with a CVSS score of 7.0 (HIGH). A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving d...
How severe is CVE-2020-14418?
CVE-2020-14418 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14418?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Advanced Malware Protection, Madshi Madcodehook, Morphisec Unified Threat Prevention Platform.