Vulnerability CVE-2013-3496
Published: 2013-05-22

Description:
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.

See advisories in our WLB2 database:
Topic
Author
Date
High
ViPNet Client\\Coordinator\\SafeDisk PF Local privilege escalation
Andrey Kurtasano...
22.05.2013
Med.
Infotecs ViPNet Products Privilege Escalation
Maksim Chudakov
23.05.2013

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Infotecs -> Vipnet client 
Infotecs -> Vipnet coordinator 
Infotecs -> Vipnet personal firewall 
Infotecs -> Vipnet safedisk 

 References:
http://archives.neohapsis.com/archives/bugtraq/2013-05/0072.html
Copyright 2024, cxsecurity.com

 

Back to Top