Vulnerability
An Unquoted service path in Cordaware bestinformed software allows a local attacker to potentially escalate privileges to system level.
Timeline
- 15.12.2020 Vendor informed via email
- 17.12.2020 Sending additional information to Vendor
- 12/18/2020 Calling Vendor
- 11.01.2021 Still no reply
- 14.01.2021 Disclosure because of exceeding the 30-day deadline without any actions from the vendor
