What is CVE-2020-15593?

CVE-2020-15593 is a vulnerability in SteelCentral Aternity Agent 11.0.0.120 on Windows that mishandles IPC, allowing for potential privilege escalation.

What is the severity of CVE-2020-15593?

The severity of CVE-2020-15593 is rated as high, with a CVSS score of 7.8.

What is the affected software for CVE-2020-15593?

The affected software for CVE-2020-15593 is Riverbed Steelcentral Aternity Agent version 11.0.0.120 on Windows.

How does CVE-2020-15593 impact Windows?

CVE-2020-15593 allows an attacker to potentially escalate privileges on Windows systems running SteelCentral Aternity Agent 11.0.0.120.

How can I mitigate the CVE-2020-15593 vulnerability?

To mitigate the CVE-2020-15593 vulnerability, it is recommended to follow the mitigation steps provided by the vendor or refer to the advisory linked in the references section.

Vulnerability/
CVE-2020-15593

high

7.8

27/7/2020

4/8/2024

CVE-2020-15593

First published: Mon Jul 27 2020(Updated: )

SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins” directory and execute code contained in them.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Riverbed Steelcentral Aternity Agent	=11.0.0.120
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-15593?
CVE-2020-15593 is a vulnerability in SteelCentral Aternity Agent 11.0.0.120 on Windows that mishandles IPC, allowing for potential privilege escalation.
What is the severity of CVE-2020-15593?
The severity of CVE-2020-15593 is rated as high, with a CVSS score of 7.8.
What is the affected software for CVE-2020-15593?
The affected software for CVE-2020-15593 is Riverbed Steelcentral Aternity Agent version 11.0.0.120 on Windows.
How does CVE-2020-15593 impact Windows?
CVE-2020-15593 allows an attacker to potentially escalate privileges on Windows systems running SteelCentral Aternity Agent 11.0.0.120.
How can I mitigate the CVE-2020-15593 vulnerability?
To mitigate the CVE-2020-15593 vulnerability, it is recommended to follow the mitigation steps provided by the vendor or refer to the advisory linked in the references section.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/first-publish-date
agent/tags
agent/description
agent/event
agent/source
vendor/riverbed
canonical/riverbed steelcentral aternity agent
version/riverbed steelcentral aternity agent/11.0.0.120
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.