Vulnerability CVE-2013-3496


Published: 2013-05-22

Description:
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.

See advisories in our WLB2 database:
Topic
Author
Date
High
ViPNet Client\\Coordinator\\SafeDisk PF Local privilege escalation
Andrey Kurtasano...
22.05.2013
Med.
Infotecs ViPNet Products Privilege Escalation
Maksim Chudakov
23.05.2013

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: Infotecs
Product: Vipnet safedisk 
Version: 4.1;
Product: Vipnet client 
Version: 3.2.10;
Product: Vipnet coordinator 
Version: 3.2.10;
Product: Vipnet personal firewall 
Version: 3.1;

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://archives.neohapsis.com/archives/bugtraq/2013-05/0072.html

Copyright 2019, cxsecurity.com

 

Back to Top