CVE-2020-36154

HIGH

Pearson VUE Testing System 2.3.1911 - Unauthenticated Privilege Escalation via Directory Permissions

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36154. PoCs published by Jok3r.

AI-analyzed exploit summary: This exploit leverages an unquoted service path vulnerability in Pearson Vue VTS 2.3.1911, allowing local privilege escalation to the VUEService user by placing a malicious executable in the unquoted path. The script automates detection, payload download, and system reboot to trigger execution.

Description

The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.

Exploits (1)

exploitdb · WORKING POC
by Jok3r · text · local · windows
https://www.exploit-db.com/exploits/49143


Classification: Working PoC 95%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Pearson Vue VTS 2.3.1911
Auth required
Prerequisites: Local access to the system · Ability to write to the 'C:\Pearson VUE\' directory · VUEApplicationWrapper service running with unquoted path
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References (2)
Exploit, Third Party Advisory, VDB Entry · x_refsource_misc
https://www.exploit-db.com/exploits/49143

Scores

CVSS v3 7.8
EPSS 0.0044
EPSS Percentile 35.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-732
Status published
Products (1)
pearson/vue_testing_system 2.3.1911
Published Jan 04, 2021
Tracked Since Feb 18, 2026