CVE-2020-12744: cve/Verint-CVE-2020-12744.txt at master · bwiltse/cve
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.
CVE-2020-12744
[Suggested description]
The MSI installer in Verint Desktop Resources versions before 15.2.8.10 allows an unprivileged local user to elevate their privileges to SYSTEM during install or repair of the product.
------------------------------------------
[Additional Information]
This issue was quietly patched by the vendor after disclosure in December 2019.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
Verint Systems Inc.
------------------------------------------
[Affected Product Code Base]
Verint Desktop Resources - 15.2.8.10
------------------------------------------
[Affected Component]
Verint Desktop Resources MSI installer
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
An unprivileged local user can repair the installation of Verint Desktop Resources to trigger the vulnerable behavior.
------------------------------------------
[Reference]
https://github.com/bwiltse/cve/tree/master/Verint
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Brian Wiltse