Vulnerability CVE-2015-7961

Vulnerability CVE-2015-7961

Published: 2018-03-02 Modified: 2018-03-03

Description:

SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.6/10	6.4/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Gemalto -> Safenet authentication service remote web workplace agent

References:

https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/

https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf

https://safenet.gemalto.com/technical-support/security-updates/

Vulnerability CVE-2015-7961

SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.

CWE-264

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

4.6/10

6.4/10

3.9/10

Local

Low

No required

Partial

Partial

Partial

Affected software

References: