CVE-2020-21046
📋 TL;DR
This CVE describes a local privilege escalation vulnerability in EagleGet Downloader's update service. Authenticated non-administrative users can exploit this to execute arbitrary code with SYSTEM privileges. Only users running the affected version of EagleGet Downloader on Windows systems are impacted.
💻 Affected Systems
- EagleGet Downloader
📦 What is this software?
Eagleget by Softonic
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker gains full SYSTEM-level control over the Windows system, enabling installation of persistent malware, credential theft, and complete system compromise.
Likely Case
Malicious insider or compromised user account escalates privileges to install additional malware, steal sensitive data, or pivot to other systems.
If Mitigated
With proper user access controls and endpoint protection, exploitation attempts are detected and blocked, limiting impact to isolated incidents.
🎯 Exploit Status
Exploit details and proof-of-concept are publicly available in the referenced Medium article. Requires authenticated user access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: http://eagleget.com
Restart Required: No
Instructions:
1. Check EagleGet website for updated version.
2. Uninstall vulnerable version.
3. Install patched version if available.
4. Verify service is no longer vulnerable.
🔧 Temporary Workarounds
Disable vulnerable service
Windows: Stop and disable the 'luminati_net_updater_win_eagleget_com' service to prevent exploitation.
sc stop luminati_net_updater_win_eagleget_com
sc config luminati_net_updater_win_eagleget_com start= disabled
Remove EagleGet Downloader
Windows: Uninstall the vulnerable software completely.
Control Panel > Programs > Uninstall EagleGet Downloader
🧯 If You Can't Patch
- Implement strict user access controls to limit who can run executables
- Deploy endpoint detection and response (EDR) to monitor for privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check if EagleGet version 2.1.5.20 is installed and if 'luminati_net_updater_win_eagleget_com' service exists and is running.
Check Version:
Check Add/Remove Programs or run: wmic product where name='EagleGet' get version
Verify Fix Applied:
Verify EagleGet is uninstalled or updated to a newer version, and the vulnerable service is stopped and disabled.
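The checks above can be combined into one PowerShell script that reports the installed version, the service state, and whether the stop-and-disable workaround is in place. This is an added example, not code from the vendor or the original advisory. It assumes the installer registers a DisplayName containing "EagleGet", and it reads the Uninstall registry keys rather than `wmic product`, because Win32_Product lists only MSI-installed software and querying it triggers an MSI consistency check.

```powershell
# Added example: verification check for the service and version named on this page.
$ServiceName = 'luminati_net_updater_win_eagleget_com'   # from the advisory
$VulnVersion = '2.1.5.20'                                # from the advisory
$NamePattern = '*EagleGet*'   # assumption: DisplayName registered by the installer

function Get-EagleGetInstall {
    # Read the Uninstall keys (64-bit, 32-bit and per-user views).
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern } |
        Select-Object DisplayName, DisplayVersion
}

function Get-UpdaterServiceState {
    # Win32_Service returns state, start mode and logon account in one query.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" |
        Select-Object Name, State, StartMode, StartName, PathName
}

$install = @(Get-EagleGetInstall)
$service = Get-UpdaterServiceState

# The workaround counts as applied only when the service is both stopped
# and disabled, or is absent altogether.
$workaroundApplied = (-not $service) -or
    ($service.State -eq 'Stopped' -and $service.StartMode -eq 'Disabled')

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    InstalledVersion  = ($install.DisplayVersion -join ', ')
    VersionMatches    = [bool]($install | Where-Object { $_.DisplayVersion -eq $VulnVersion })
    ServicePresent    = [bool]$service
    ServiceState      = $service.State
    ServiceStartMode  = $service.StartMode
    ServiceAccount    = $service.StartName
    ServiceBinary     = $service.PathName
    WorkaroundApplied = $workaroundApplied
    NeedsAction       = [bool]$service -and -not $workaroundApplied
} | Format-List
```

A host with `NeedsAction : True` still has the service present and either running or startable, regardless of what the version lookup returns.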
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing service manipulation
- Process creation events with SYSTEM privileges from user accounts
- Unusual service start/stop events for luminati_net_updater_win_eagleget_com
Network Indicators:
- Unusual outbound connections from SYSTEM processes
SIEM Query:
(EventID=4688 AND NewProcessName='*luminati*') OR (EventID=7045 AND ServiceName='luminati_net_updater_win_eagleget_com')