Vulnerability CVE-2017-5996


Published: 2017-10-26   Modified: 2017-10-27

Description:
The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.

See advisories in our WLB2 database:
Med.
Topic: Bomgar Remote Support Local Privilege Escalation
Author: Robert Wessen
Date: 27.10.2017

Type: CWE-426 (Untrusted Search Path)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete
Affected software: Bomgar -> Remote support

References:
http://www.securitytracker.com/id/1039679
https://www.vsecurity.com/download/advisories/20171026-1.txt

Copyright 2024, cxsecurity.com

 
