CVE-2020-27708

HIGH

EA Origin < 10.5.86 - Uncontrolled Search Path

Title source: rule

Description

A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged users or system Administrators.

References (1)

[Exploit, Vendor Advisory] https://www.ea.com/security/news/easec-2020-002-elevation-of-privilege-vulnerability-in-origin-client

Scores

CVSS v3 7.8

EPSS 0.0013

EPSS Percentile 31.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

ea/origin < 10.5.86

Timeline

Published Nov 02, 2020

Tracked Since Feb 18, 2026