CVE-2020-13149
First published: Mon May 18 2020(Updated: )
Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <2.6.2003.2401 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-13149?
CVE-2020-13149 is rated as a high severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2020-13149?
To fix CVE-2020-13149, update Dragon Center to version 2.6.2003.2401 or later.
Who is affected by CVE-2020-13149?
CVE-2020-13149 affects users of MSI Gaming laptops with Dragon Center versions prior to 2.6.2003.2401.
What types of attacks can exploit CVE-2020-13149?
Attackers can exploit CVE-2020-13149 to overwrite system files and achieve escalated privileges on the affected systems.
What components of Dragon Center are vulnerable in CVE-2020-13149?
The vulnerability in CVE-2020-13149 stems from weak permissions on the '%PROGRAMDATA%\MSI\Dragon Center' folder.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- vendor/msi