CVE-2020-14945 - OpenCVE

A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Globalradar	Bsa Radar

Configuration 1 [-]

cpe:2.3:a:globalradar:bsa_radar:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities
https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14945%20-%20Privilege%20Escalation.md
https://www.exploit-db.com/exploits/48649

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-06-22T21:45:24

Updated: 2024-08-04T13:00:52.058Z

Reserved: 2020-06-21T00:00:00

Link: CVE-2020-14945

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-06-22T22:15:12.960

Modified: 2022-05-03T13:59:31.300

Link: CVE-2020-14945

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-06-19T00:00:00", "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-08T19:01:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14945%20-%20Privilege%20Escalation.md"}, {"name": "48649", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/48649"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14945", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities", "refsource": "MISC", "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities"}, {"name": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14945%20-%20Privilege%20Escalation.md", "refsource": "MISC", "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14945%20-%20Privilege%20Escalation.md"}, {"name": "48649", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/48649"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:00:52.058Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14945%20-%20Privilege%20Escalation.md"}, {"name": "48649", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/48649"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14945", "datePublished": "2020-06-22T21:45:24", "dateReserved": "2020-06-21T00:00:00", "dateUpdated": "2024-08-04T13:00:52.058Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:globalradar:bsa_radar:*:*:*:*:*:*:*:*", "matchCriteriaId": "7762846B-9A65-4A3C-B994-C78540B21DC5", "versionEndIncluding": "1.6.7234.24750", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de escalada de privilegios dentro de Global RADAR BSA Radar versiones 1.6.7234.24750 y anteriores, que permite a un usuario autenticado y poco privilegiado escalar sus privilegios a derechos de administrador (es decir, el rol de BankAdmin) por medio de datos de SaveUser modificados"}], "id": "CVE-2020-14945", "lastModified": "2022-05-03T13:59:31.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-22T22:15:12.960", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14945%20-%20Privilege%20Escalation.md"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/48649"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}