CVE-2020-15261

HIGH

Veyon Service <4.4.2 - Privilege Escalation

Title source: llm

Description

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.

Exploits (3)

exploitdb WRITEUP

by Víctor García · textlocalwindows

https://www.exploit-db.com/exploits/49925

View Code ZIP pw:eip

exploitdb WRITEUP

by Víctor García · textlocalwindows

https://www.exploit-db.com/exploits/48246

View Code ZIP pw:eip

nomisec

by yaoyao-cool · poc

https://github.com/yaoyao-cool/CVE-2020-15261

View on nomisec

References (6)

[Third Party Advisory] https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp

[Issue Tracking, Third Party Advisory] https://github.com/veyon/veyon/issues/657

[Patch, Third Party Advisory] https://github.com/veyon/veyon/commit/f231ec511b9a09f43f49b2c7bb7c60b8046276b1

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/162873/Veyon-4.4.1-Unquoted-Service-Path.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49925

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48246

Scores

CVSS v3 8.0

EPSS 0.0806

EPSS Percentile 92.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

veyon/veyon < 4.4.2

Published Oct 19, 2020

Tracked Since Feb 18, 2026