On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-10-19T21:30:18
Updated: 2024-08-04T13:15:19.022Z
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15261
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-10-19T22:15:13.093
Modified: 2024-11-21T05:05:13.180
Link: CVE-2020-15261
Redhat
No data.