Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege
Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.
Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information.
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files.
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.
Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic.
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.
Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location.
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges.
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.
Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.
Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service.
A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow an attacker to use the content of this configuration file to bypass authentication and log in as any user of the device. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).
A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability by replacing valid agent files with malicious code. A successful exploit could result in the execution of code supplied by the attacker. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running versions prior to 7.0(3)I7(5).
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.
Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch.
Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. As a result, a local attacker can escalate to SYSTEM.
drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725.
An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'.
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.
In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable.
A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. An attacker could exploit this vulnerability by authenticating to the affected device and executing arbitrary code or potentially modifying certain configuration files. A successful exploit could allow the attacker to execute arbitrary code or modify certain configuration files on the device using the privileges of the installed Cisco JCF for Mac Software.
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as default by the underlying operating system) with highly insecure read, write, and execute directory permissions for all users. By default, /usr/local and all of its subdirectories should have permissions set to only allow non-privileged users to read and execute from the tree structure, and to deny users from creating or editing files in this location. The ENTTEC firmware startup script permits all users to read, write, and execute (rwxrwxrwx) from the /usr, /usr/local, /usr/local/dmxis, and /usr/local/bin/ directories.
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.
A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754.
Improper file permission in software installer for Intel(R) Smart Connect Technology for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.
WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges.
A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root.
Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
Windows Container Manager Service Elevation of Privilege Vulnerability
Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command.
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability.
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.
An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution.
Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device.