CVE-2020-7352 : Vulnerability Insights and Analysis

GOG Galaxy GalaxyClientService Privilege Escalation

Understanding CVE-2020-7352

This CVE involves a privilege escalation vulnerability in the GalaxyClientService component of GOG Galaxy, potentially allowing attackers to execute commands with elevated privileges.

What is CVE-2020-7352?

The GalaxyClientService in GOG Galaxy operates with elevated SYSTEM privileges in Windows. It contains a static RSA private key, enabling attackers with this key and local user permissions to execute commands in an elevated context through a locally-bound network port.

The Impact of CVE-2020-7352

This vulnerability has a high severity rating with a CVSS base score of 8.4. It poses a significant risk to confidentiality, integrity, and system security, allowing unauthorized command execution with elevated privileges.

Technical Details of CVE-2020-7352

The technical aspects of this CVE are as follows:

Vulnerability Description

GOG Galaxy's GalaxyClientService vulnerability allows attackers to execute commands with elevated privileges.

Affected Systems and Versions

Affected versions include GOG GalaxyClientService 2.0.12 and earlier, as well as 1.2.64 and earlier.

Exploitation Mechanism

Attackers with the RSA private key and local user permissions can send commands to the service via localhost:9978 for execution in an elevated context.

Mitigation and Prevention

To address CVE-2020-7352, consider the following steps:

Immediate Steps to Take

Update GOG Galaxy to version 2.0.13 or later to mitigate the vulnerability.

Long-Term Security Practices

Regularly monitor and update software to prevent security vulnerabilities.
Implement least privilege access controls to limit potential damage from privilege escalation attacks.

Patching and Updates

Apply security patches and updates promptly to protect against known vulnerabilities.