CVE-2020-1986

Summary

Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:) to cause a system crash on every login. This issue affects all versions Secdo for Windows.

Affected Software

VendorProductVersion RangeStatus
SecdoSecdoall versionsaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

Exploitation of this issue can be prevented by creating a "C:\proc" folder and not allowing unprivileged users to access that folder.

ADP Enrichment

CVE Program Container

Additional References

References