CVE-2020-25917
HIGHStratodesk NoTouch Center < 4.4.68 - Privilege Escalation via User Creation Endpoint
Title source: llmDescription
Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with "helpdesk" privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser.do page.
References (1)
Core 1
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/160652/Stratodesk-NoTouch-Center-Privilege-Escalation.html
Scores
CVSS v3
8.8
EPSS
0.0124
EPSS Percentile
65.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-669
CWE-862
Status
published
Products (1)
stratodesk/notouch_center
< 4.4.68
Published
Dec 26, 2020
Tracked Since
Feb 18, 2026