boku7/BarracudaDrivev6.5-LocalPrivEsc

boku7/BarracudaDrivev6.5-LocalPrivEsc

GitHubGitHub
GitHubgithub.com
Releases0
Stars1
Insecure Service File Permissions in bd service in Real Time Logics BarracudaDrive v6.5 allows local attackers to escalate privileges to admin via replacing the bd.exe file and restarting the computer where it will be run as 'LocalSystem' on the next startup automatically.
Log in to subscribe

CVE History

CVEPublishedCVSS v3CVSS v2
CVE-2020-23834
8.8 HIGH7.2 HIGH

Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem.