CVE-2020-1985

Summary

Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows.

Affected Software

VendorProductVersion RangeStatus
SecdoSecdoall versionsaffected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

Workarounds

Change permission on C:\Programdata\Secdo\Logs to not allow unprivileged users access.

ADP Enrichment

CVE Program Container

Additional References

References