CVE-2022-20050

Published Mar 10, 2022

Last updated 3 years ago

Overview

Description
In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038.
Source
security@mediatek.com
NVD status
Analyzed

Social media

Hype score
Not currently trending

Risk scores

CVSS 3.1

Type
Primary
Base score
6.7
Impact score
5.9
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
4.6
Impact score
6.4
Exploitability score
3.9
Vector string
AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
CWE-59

Configurations