CVE-2020-25106
HIGH WAF: Low
CVSS 7.8
Published: 2020-12-22
CWE-269
Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| supremocontrol | supremo | 4.1.3.2348 |
References
- packetstormsecurity.com (Exploit, Third Party Advisory)
- seclists.org (Exploit, Mailing List, Third Party Advisory)
- www.supremocontrol.com (Release Notes, Vendor Advisory)