CVE-2020-25502

Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.

Published: Jan 20, 2023
Updated: Apr 14, 2023
CVE: CVE-2020-25502
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-427

Affected Software
References

Software	From	Fixed in
cybereason / endpoint_detection_and_response	20.1.0	20.1.343
cybereason / endpoint_detection_and_response	19.2.0	19.2.182
cybereason / endpoint_detection_and_response	-	19.1.282
cybereason / endpoint_detection_and_response	20.2.0	20.2.0.x

http://cybereason.com
http://endpoint.com
https://www.cybereason.com/cybereason-vulnerability-disclosure

Vulnerability Database

290,206

CVE-2020-25502