CVE-2020-18169 — HIGH (7.8)

Vulnerability Description

A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Techsmith	Snagit	19.1.1.2860
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-269

References

https://docs.google.com/document/d/1W33rsdISmexLOGS4VmLUIITRU_KqGULcij1Z6QyxsjU/Third Party Advisory
https://github.com/GitHubAssessments/CVE_Assessment_04_2019/blob/master/Snagit_RExploitThird Party Advisory
https://docs.google.com/document/d/1W33rsdISmexLOGS4VmLUIITRU_KqGULcij1Z6QyxsjU/Third Party Advisory
https://github.com/GitHubAssessments/CVE_Assessment_04_2019/blob/master/Snagit_RExploitThird Party Advisory

FAQ

What is CVE-2020-18169?

CVE-2020-18169 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ...

How severe is CVE-2020-18169?

CVE-2020-18169 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-18169?

Check the references section above for vendor advisories and patch information. Affected products include: Techsmith Snagit, Microsoft Windows.