An unquoted service path in the HIDCCEMonitorSVC software allows a local attacker to potentially escalate privileges to the system level.
Vulnerability Worldline HIDCCEMonitorSVC
Twitter
LinkedIn
Facebook
CVE
Vulnerability type
Privilege Escalation
Pentester
Florian Hansemann
Publication
21.12.2020
Software version
HIDCCEMonitorSVC Version <= 5.2.4.3
Timeline
– 29.10.2021 Manufacturer informs
– 10.11.2021 Manufacturer confirms the vulnerability and informs HanseSecure that the vulnerability will be patched in the next version.
– 21.12.2020 Disclosure
