High severity7.8NVD Advisory· Published Jun 26, 2020· Updated Jun 17, 2026
CVE-2020-15351
CVE-2020-15351
Description
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- IDrive/IDrivedescription
- Range: <6.7.3.19
- Range: <6.7.3.19
Patches
Vulnerability mechanics
References
2- github.com/active-labs/Advisories/blob/master/2020/ACTIVE-2020-004.mdnvdThird Party Advisory
- www.idrive.com/release-infonvdVendor Advisory
News mentions
0No linked articles in our index yet.