CVE-2020-18169: A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers...
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details.
Security readout for executives and security teams
Plain-English summary
This CVE concerns a reported privilege-escalation issue in the TechSmith Snagit 19.1.1.2860 Windows installer, not clearly the installed application. The public record also notes exploitation would require a user to bypass or ignore host operating system safety mechanisms, and TechSmith has a dispute advisory.
Executive priority
Treat this as a low-immediacy investigation item unless the affected legacy installer is broadly available to users. Business urgency is reduced by disputed status, missing severity data, and lack of active-exploitation evidence, but stale privileged installers should still be removed.
Technical view
The CVE describes a privilege-escalation weakness in the Windows Installer XML (WiX) toolset usage for the Snagit 19.1.1.2860 installer. The record provides no CVSS score, CWE, CPE, or concrete affected-product metadata. Evidence indicates installer-centric exposure and disputed status, with no KEV listing.
Likely exposure
Potential exposure is limited to environments retaining or executing the affected Snagit 19.1.1.2860 Windows installer. The source bundle does not prove that current Snagit installations, newer installers, or other TechSmith products are affected.
Exploitation context
Active exploitation is not supported by the provided sources. CISA KEV is false, and the CVE description says exploitation would require the end user to ignore other host OS safety mechanisms. Public evidence is incomplete and disputed.
Researcher notes
The CVE metadata is sparse: severity unknown, no CVSS, no CWE, no CPEs, and affected fields are n/a. Analysis should focus on whether the specific legacy installer exists in the environment and whether TechSmith guidance clarifies applicability or remediation.
Mitigation direction
Check TechSmith guidance and the dispute advisory before assigning remediation urgency.
Remove old Snagit installer packages from endpoints, shares, and software portals if no longer needed.
Use current vendor-provided installers from trusted distribution channels.
Enforce standard Windows installer and application-control protections.
Avoid granting users unnecessary local administrative privileges.
Validation and detection
Inventory endpoints and software repositories for Snagit 19.1.1.2860 installer artifacts.
Confirm whether users can execute retained legacy installers.
Review software deployment tools for cached Snagit 19.1.1.2860 packages.
Check whether current TechSmith guidance names affected or fixed versions.
Record the disputed status and missing CVSS/CWE in vulnerability tracking.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2020-18169 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
4Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Jul 26, 2021, 18:26 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.