Vulnerabilities > CVE-2020-13523 - Missing Authorization vulnerability in Softperfect RAM Disk 4.1

047910
CVSS 3.3 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
local
low complexity
softperfect
CWE-862

Summary

An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

Vulnerable Configurations

Part Description Count
Application
Softperfect
1

Common Weakness Enumeration (CWE)