Unrated severityNVD Advisory· Published Oct 20, 2020· Updated Aug 4, 2024

Privilege Escalation in Boxstarter

CVE-2020-15264

Description

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it'll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0

Affected products

Chocolatey/Boxstarterv5
Range: < 2.13.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/208577mitrethird-party-advisoryx_refsource_CERT-VN
github.com/chocolatey/boxstarter/commit/67e320491813550b48900e87105a34ceefdcf633mitrex_refsource_MISC
github.com/chocolatey/boxstarter/security/advisories/GHSA-rpgx-h675-r3jfmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000