CVE-2020-23968 — HIGH (7.8)

Vulnerability Description

Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ilex	International Sign\&Go	7.1

Related Weaknesses (CWE)

CWE-59

References

http://ilex.comVendor Advisory
http://signgo.comThird Party Advisory
https://ricardojba.github.io/CVE-Pending-ILEX-SignGo-EoP/ExploitThird Party Advisory
http://ilex.comVendor Advisory
http://signgo.comThird Party Advisory
https://ricardojba.github.io/CVE-Pending-ILEX-SignGo-EoP/ExploitThird Party Advisory

FAQ

What is CVE-2020-23968?

CVE-2020-23968 is a vulnerability with a CVSS score of 7.8 (HIGH). Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.

How severe is CVE-2020-23968?

CVE-2020-23968 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-23968?

Check the references section above for vendor advisories and patch information. Affected products include: Ilex International Sign\&Go.