IBM QRadar Wincollect Escalation of Privilege (CVE-2020-4485 & CVE-2020-4486)

Thread starter [correlate]
Start date Sep 23, 2020

[correlate]

Level 18

Thread author

Top Poster

Well-known

Sep 23, 2020

#1

Content source: https://labs.redyops.com/index.php/2020/09/11/ibm-qradar-wincollect-escalation-of-privileges-cve-2020-4485-cve-2020-4486/

An Elevation of Privilege (EoP) exists in IBM QRadar Wincollect 7.2.0 – 7.2.9 . The vulnerability described gives the ability to a low privileged user to delete any file from the System and disable the Wincollect service. This arbitrary delete vulnerability can be leveraged in order to gain access as NT AUTHORITY\SYSTEM. During the exploitation, the attacker disables the Wincollect service.

labs.redyops.com

IBM QRadar Wincollect Escalation of Privilege

Writeup for IBM QRadar Wincollect CVE-2020-4485 and CVE-2020-4486 .

labs.redyops.com

Last edited by a moderator: Sep 23, 2020

Reactions: Amnesia and upnorth

You must log in or register to reply here.

Similar threads

New Update ESET patches High-Severity Privilege Escalation Vulnerability

Replies: 0

Views: 1,462

ESET Feb 16, 2024

CyberPanther

Security News Over 90,000 LG Smart TVs may be exposed to remote attacks

Replies: 1

Views: 1,168

Security News Apr 9, 2024

Practical Response

Security News December Android updates fix critical zero-click RCE flaw

Replies: 0

Views: 1,339

Security News Dec 4, 2023

Gandalf_The_Grey

Top