CVE-2020-5755 : What You Need to Know
Learn about CVE-2020-5755 affecting Webroot SecureAnywhere. Discover the impact, affected versions, and mitigation steps for this Local Privilege Escalation vulnerability.
Webroot SecureAnywhere prior to version v9.0.28.48 is vulnerable to a Local Privilege Escalation issue due to a directory renaming flaw.
Understanding CVE-2020-5755
Webroot SecureAnywhere versions before v9.0.28.48 are susceptible to a privilege escalation vulnerability that could be exploited by attackers.
What is CVE-2020-5755?
Webroot SecureAnywhere agents failed to protect a specific directory against renaming, enabling attackers to manipulate dlls for privilege escalation upon service restart.
The Impact of CVE-2020-5755
The vulnerability allows attackers to crash the system or hijack dlls in the directory, potentially leading to privilege escalation.
Technical Details of CVE-2020-5755
Webroot SecureAnywhere vulnerability details and affected systems.
Vulnerability Description
- Webroot SecureAnywhere agents did not secure the "%PROGRAMDATA%\WrData\PKG" directory against renaming.
- Attackers could exploit this flaw to crash the system or hijack dlls for privilege escalation.
Affected Systems and Versions
- Product: Webroot SecureAnywhere
- Versions Affected: All versions prior to v9.0.28.48
Exploitation Mechanism
- Attackers can trigger a crash or wait for Webroot service restart to rewrite and hijack dlls for privilege escalation.
Mitigation and Prevention
Protecting systems from CVE-2020-5755.
Immediate Steps to Take
- Update Webroot SecureAnywhere to version v9.0.28.48 or later.
- Monitor system logs for any suspicious activities.
Long-Term Security Practices
- Regularly update and patch software to prevent vulnerabilities.
- Implement least privilege access controls to limit potential damage.
- Conduct regular security audits and penetration testing.
Patching and Updates
- Apply patches and updates provided by Webroot to address the vulnerability.