Login Sign Up

CVE-2020-28175

7.8 HIGH

📋 TL;DR

CVE-2020-28175 is a local privilege escalation vulnerability in SpeedFan 4.52 that allows attackers with local access to execute arbitrary code with elevated SYSTEM privileges. This affects users running SpeedFan 4.52 on Windows systems. The vulnerability enables attackers to bypass normal user restrictions and gain complete control of the system.

💻 Affected Systems

Products:
  • Alfredo Milani Comparetti SpeedFan
Versions: 4.52
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of SpeedFan 4.52. No special configuration is required for exploitation.

📦 What is this software?

Speedfan by Almico

View all CVEs affecting Speedfan →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where attackers gain SYSTEM privileges, install persistent malware, steal credentials, and pivot to other systems on the network.

🟠

Likely Case

Local attackers escalate privileges to install additional malware, disable security controls, or access protected system resources and data.

🟢

If Mitigated

Limited impact with proper user access controls, application whitelisting, and monitoring in place to detect privilege escalation attempts.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Any user with local access to a vulnerable SpeedFan installation can potentially escalate to SYSTEM privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Public exploit code is available on GitHub. Exploitation requires local access to the system and basic programming knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://www.almico.com/speedfan.php

Restart Required: No

Instructions:

No official patch is available. Consider upgrading to a newer version if available or removing SpeedFan entirely.

🔧 Temporary Workarounds

Remove SpeedFan 4.52

windows

Uninstall SpeedFan 4.52 from affected systems to eliminate the vulnerability

Control Panel > Programs > Uninstall a program > Select SpeedFan 4.52 > Uninstall

Restrict User Permissions

windows

Limit user access to systems running SpeedFan and implement least privilege principles

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized program execution
  • Enable Windows Defender Application Control or similar solutions to restrict privilege escalation

🔍 How to Verify

Check if Vulnerable:

Check if SpeedFan 4.52 is installed via Control Panel > Programs > Programs and Features

Check Version:

wmic product where name="SpeedFan" get version

Verify Fix Applied:

Verify SpeedFan 4.52 is no longer installed or has been upgraded to a newer version

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing privilege escalation attempts
  • Process creation events for SpeedFan with unusual parent processes

Network Indicators:

  • No network indicators as this is a local privilege escalation

SIEM Query:

EventID=4688 AND ProcessName="speedfan.exe" AND ParentProcess NOT IN ("explorer.exe", "cmd.exe")

📊 Metadata

CVE ID: CVE-2020-28175
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: December 3, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON