RSS   Vulnerabilities for 'Software updater'   RSS

2017-03-11
 
CVE-2017-6466

 

 
F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the SYSTEM account. Note that when Software Updater is configured to install updates automatically, it checks if the downloaded file is digitally signed by default, but does not check the author of the signature. When running in manual mode (default), no signature check is performed.

 

 >>> Vendor: F-secure 55 Products
Internet gatekeeper
F-secure anti-virus
F-secure for firewalls
F-secure internet security
F-secure personal express
Client security
F-secure content scanner server
Policy manager
F-secure ssh server
Solutions based on f-secure personal express
F-secure service platform for service providers
Anti-virus
F-secure anti-virus client security
F-secure anti-virus linux client security
F-secure anti-virus linux server security
F-secure protection service
Internet security
F-secure anti-virus for linux
F-secure anti-virus for workstations
F-secure protection service for business
F-secure protection service for consumers
F-secure client security
F-secure mobile antivirus for s60
F-secure mobile antivirus for windows mobile
F-secure mobile security for series 80
F-secure anti-virus for citrix servers
F-secure anti-virus for microsoft exchange
F-secure anti-virus for mimesweeper
F-secure anti-virus for windows servers
F-secure home server security
F-secure internet gatekeeper for linux
F-secure internet gatekeeper for windows
F-secure linux security
F-secure messaging security gateway
Endpoint protection
Home server security
Linux security
SAFE
F-secure internet security 2010
Psb workstation security
Safe anywhere
Email and server security
Server security
Secure messaging secure gateway
Software updater
F-secure online scanner
Radar
Xfence
Atlant
Security cloud
Cloud protection for salesforce
Elements for microsoft 365
Cloud protection
Linux security 64
Elements endpoint protection


Copyright 2024, cxsecurity.com

 

Back to Top