Publish Date: January 17, 2020
Summary
Malicious users with login access to the Network Monitor host machine can write malicious files on the system potentially allowing the user to perform an attack which results in privilege escalation to SYSTEM privilege on the host machine.
Who’s Affected?
At this time, we do not believe anyone was affected by this vulnerability.
Details
Refer to the detailed technical writeup in the CVE linked in the References section.
Mitigating Factors
In order to exploit this vulnerability, the attacker would have to have Windows login access to the Spiceworks Network Monitor host machine.
Security Update Information
Due to the coordinated disclosure of this vulnerability, Spiceworks has communicated with users of Network Monitor to disclose the vulnerability and provide a period during which users could...