First published: Fri Apr 09 2021(Updated: )
A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dreamreport Dream Report | =5_r20-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-13532 is critical with a CVSS score of 7.8.
An attacker can provide a malicious file to replace the Syncfusion Dashboard Service service binary and escalate privileges to NT SYSTEM.
Yes, Dream Report 5 R20-2 is affected by the privilege escalation vulnerability described in CVE-2020-13532.
The CWE associated with CVE-2020-13532 is CWE-276.