Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-43701

Summary
Assigner-Arm
Assigner Org ID-56a131ea-b967-4a0d-a41e-5f3549952846
Published At-27 Jul, 2023 | 21:28
Updated At-13 Feb, 2025 | 16:33
Rejected At-
Credits

Insecure directory permissions on installer files

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Arm
Assigner Org ID:56a131ea-b967-4a0d-a41e-5f3549952846
Published At:27 Jul, 2023 | 21:28
Updated At:13 Feb, 2025 | 16:33
Rejected At:
▼CVE Numbering Authority (CNA)
Insecure directory permissions on installer files

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

Affected Products
Vendor
Arm LimitedArm Ltd
Product
Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)
Modules
  • installer
Default Status
affected
Versions
Affected
  • AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases
Problem Types
TypeCWE IDDescription
CWECWE-276CWE-276 Incorrect Default Permissions
Type: CWE
CWE ID: CWE-276
Description: CWE-276 Incorrect Default Permissions
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233 Privilege Escalation
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions
Configurations

To exploit this an attacker must have write access to the location where the software development tool is installed.

Workarounds
Exploits
Credits
finder
FalconCorruption
reporter
Intel
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://developer.arm.com/documentation/ka005596/latest
N/A
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html
N/A
Hyperlink: https://developer.arm.com/documentation/ka005596/latest
Resource: N/A
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://developer.arm.com/documentation/ka005596/latest
x_transferred
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html
x_transferred
Hyperlink: https://developer.arm.com/documentation/ka005596/latest
Resource:
x_transferred
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:arm-security@arm.com
Published At:27 Jul, 2023 | 22:15
Updated At:13 Feb, 2025 | 17:15

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Arm Limited
arm
>>arm_compiler>>Versions from 5.00(inclusive) to 5.06(inclusive)
cpe:2.3:a:arm:arm_compiler:*:*:*:*:*:*:*:*
Arm Limited
arm
>>arm_compiler>>Versions from 6.00(inclusive) to 6.20(exclusive)
cpe:2.3:a:arm:arm_compiler:*:*:*:*:*:*:*:*
Arm Limited
arm
>>arm_compiler_for_embedded_fusa>>6.16
cpe:2.3:a:arm:arm_compiler_for_embedded_fusa:6.16:*:*:*:lts:*:*:*
Arm Limited
arm
>>arm_compiler_for_functional_safety>>6.6
cpe:2.3:a:arm:arm_compiler_for_functional_safety:6.6:*:*:*:*:*:*:*
Arm Limited
arm
>>arm_development_studio>>*
cpe:2.3:a:arm:arm_development_studio:*:*:*:*:*:*:*:*
Arm Limited
arm
>>arm_mobile_studio>>*
cpe:2.3:a:arm:arm_mobile_studio:*:*:*:*:*:*:*:*
Arm Limited
arm
>>ds_development_studio>>Versions from 5.0.0(inclusive) to 5.29.3(inclusive)
cpe:2.3:a:arm:ds_development_studio:*:*:*:*:*:*:*:*
Arm Limited
arm
>>fast_models>>*
cpe:2.3:a:arm:fast_models:*:*:*:*:*:*:*:*
Arm Limited
arm
>>gnu_toolchain>>*
cpe:2.3:a:arm:gnu_toolchain:*:*:*:*:*:*:*:*
Arm Limited
arm
>>keil_mdk>>*
cpe:2.3:a:arm:keil_mdk:*:*:*:*:*:*:*:*
Arm Limited
arm
>>linaro_forge>>Versions before 22.1(exclusive)
cpe:2.3:a:arm:linaro_forge:*:*:*:*:*:*:*:*
Arm Limited
arm
>>mbed_studio>>*
cpe:2.3:a:arm:mbed_studio:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Secondaryarm-security@arm.com
CWE-276Primarynvd@nist.gov
CWE ID: CWE-276
Type: Secondary
Source: arm-security@arm.com
CWE ID: CWE-276
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://developer.arm.com/documentation/ka005596/latestarm-security@arm.com
Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.htmlarm-security@arm.com
N/A
https://developer.arm.com/documentation/ka005596/latestaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://developer.arm.com/documentation/ka005596/latest
Source: arm-security@arm.com
Resource:
Vendor Advisory
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html
Source: arm-security@arm.com
Resource: N/A
Hyperlink: https://developer.arm.com/documentation/ka005596/latest
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

375Records found
CVE-2021-42011
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 07:46
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex One
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-52361
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 00:00
Updated-04 Aug, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-41614
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write access permissions to the Exception Program Counter Register (EPCR) are not implemented correctly. User programs from an unauthorized privilege level can make read/write accesses to EPCR.

Action-Not Available
Vendor-openriscn/a
Product-mor1kx_firmwaremor1kxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2017-14427
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.35%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-850l_firmwaredir-850ln/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2017-14425
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.35%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-850l_firmwaredir-850ln/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2017-13310
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.46%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 21:36
Updated-17 Dec, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2017-13314
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.66%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 21:57
Updated-18 Dec, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-862
Missing Authorization
CVE-2017-13312
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.66%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 21:54
Updated-18 Dec, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-43629
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 16.95%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-23 Jan, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzersIntel(R) GPA software installersgraphics_performance_analyzer
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2017-13311
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.40%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 21:46
Updated-18 Dec, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-35183
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.28%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 14:23
Updated-13 Sep, 2024 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-access_rights_managerAccess Rights Manageraccess_rights_manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-41726
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.06% / 20.13%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 18:13
Updated-06 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-41718
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:18
Updated-07 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowssecure_access_clientSecure Access
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-40132
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.29%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 23:04
Updated-22 Apr, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-40154
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 15.30%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-23 Oct, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow privillaged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-system_usage_reportIntel(R) SUR for Gameplay Softwaresystem_usage_report
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-39694
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.79%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:04
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-202312327

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-4088
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.03% / 5.40%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 02:26
Updated-24 Sep, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malicious Code Execution Vulnerability in FA Engineering Software Products

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-gx_works3MELSOFT iQ AppPortalPX DeveloperGX Works3GT SoftGOT1000 Version3CPU Module Logging Configuration ToolFX Configurator-FPGT Designer3 Version1(GOT1000)GX LogViewerGT SoftGOT2000 Version1GT Designer3 Version1(GOT2000)MELSOFT Update ManagerData TransferMELSOFT MaiLabData Transfer ClassicFX Configurator-ENRT ToolBox3MELSOFT FieldDeviceConfiguratorMX ComponentFR Configurator2GX Works2EZSocketMELSOFT NavigatorRT VisualBoxAL-PCS/WIN-EFX Configurator-EN-LMX Sheet
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-35080
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.64%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:18
Updated-07 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.

Action-Not Available
Vendor-Ivanti SoftwareMicrosoft Corporation
Product-windowssecure_access_clientSecure Access Client
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-35181
Matching Score-4
Assigner-SolarWinds
ShareView Details
Matching Score-4
Assigner-SolarWinds
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.53%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 14:24
Updated-13 Sep, 2024 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SolarWinds Access Rights Manager Incorrect Default Permissions Local Privilege Escalation Vulnerability

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation.

Action-Not Available
Vendor-SolarWinds Worldwide, LLC.
Product-access_rights_managerAccess Rights Manageraccess_rights_manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-3440
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.09% / 26.33%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 01:05
Updated-02 Aug, 2024 | 06:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File and Directory Permission Vulnerability in JP1/Performance Management

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before  12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before  12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.

Action-Not Available
Vendor-Hitachi, Ltd.Microsoft Corporation
Product-windowsjp1\/performance_managementJP1/Performance Management - Remote Monitor for Virtual MachineJP1/Performance Management - Agent Option for IBM WebSphere Application ServerJP1/Performance Management - Agent Option for Service ResponseJP1/Performance Management - Agent Option for Virtual MachineJP1/Performance Management - Remote Monitor for Microsoft(R) SQL ServerJP1/Performance Management - Agent Option for PlatformJP1/Performance Management - Agent Option for Enterprise ApplicationsJP1/Performance Management - Agent Option for Application ServerJP1/Performance Management - Agent Option for Microsoft(R) SQL ServerJP1/Performance Management - Agent Option for uCosminexus Application ServerJP1/Performance Management - Remote Monitor for OracleJP1/Performance Management - Agent Option for Microsoft(R) Exchange ServerJP1/Performance Management - BaseJP1/Performance Management - Agent Option for JP1/AJS3JP1/Performance Management - Agent Option for IBM Lotus DominoJP1/Performance Management - Agent Option for OracleJP1/Performance Management - Agent Option for IBM WebSphere MQJP1/Performance Management - Agent Option for DominoJP1/Performance Management - Agent Option for OpenTP1JP1/Performance Management - Agent Option for Microsoft(R) Internet Information ServerJP1/Performance Management - ManagerJP1/Performance Management - Agent Option for Transaction SystemJP1/Performance Management - Remote Monitor for PlatformJP1/Performance Management - Agent Option for HiRDBJP1/Performance Management - Agent Option for Oracle WebLogic Server
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-33240
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.38%
||
7 Day CHG~0.00%
Published-19 May, 2023 | 00:00
Updated-21 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.

Action-Not Available
Vendor-n/aMicrosoft CorporationFoxit Software Incorporated
Product-windowspdf_editorpdf_readern/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-38420
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.02%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 19:05
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIALink

Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dialinkDIALink
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-34315
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 20.01%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:38
Updated-28 Oct, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-virtual_raid_on_cpuIntel(R) VROC softwarevirtual_raid_on_cpu
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-32351
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.58%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiTunes for Windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-32547
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.91%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-topconpositioningn/aIntel Corporation
Product-falcon_8\+mavinci_desktopMAVinci Desktop Software for Intel(R) Falcon 8+mavinci_desktop_software_for_intel_falcon_8_plus
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-43595
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.15%
||
7 Day CHG~0.00%
Published-01 May, 2025 | 21:12
Updated-22 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MSP360 Backup (for Linux) insecure filesystem permissions

An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 (released on 2025-04-22).

Action-Not Available
Vendor-MSP360
Product-Backup
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-32183
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.64%
||
7 Day CHG~0.00%
Published-07 Jul, 2023 | 08:11
Updated-14 Nov, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed.

Action-Not Available
Vendor-openSUSE
Product-tumbleweedTumbleweed
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-31246
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.20%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_debug_and_provisioning_toolIntel(R) SDP Tool software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-3112
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.62%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 20:31
Updated-12 Sep, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-ellipticlabsLenovo Group Limited
Product-virtual_lock_sensorai_virtual_presence_sensorthinkpad_t14_gen_3AI Virtual Presence SensorElliptic Labs Virtual Lock Sensorthinkpad_t14_gen_3
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2017-14424
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.35%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-850l_firmwaredir-850ln/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-31349
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.39%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:57
Updated-12 Dec, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-uprofμProf Toolamd_uprof
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-30905
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.25%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 20:47
Updated-17 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-sgi_uv_300_rmc_firmwaresgi_uv_300_rmcintegrity_mc990_x_server_rmc_firmwareintegrity_mc990_x_server_rmcHPE MC990 X RMC firmware
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-32221
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-8.8||HIGH
EPSS-0.03% / 6.74%
||
7 Day CHG~0.00%
Published-12 Jun, 2023 | 00:00
Updated-04 Jan, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EaseUS Todo Backup may allow local privilege escalation

EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation.

Action-Not Available
Vendor-easeusEaseUS
Product-todo_backupTodo Backup
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-31359
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.01% / 1.77%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 17:15
Updated-16 May, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-aim-t_manageability_apiAIM-T Manageability API
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-32638
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 20.01%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-arc_rgb_controllerIntel Arc RGB Controller software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-29244
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.83%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:03
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_p14e_laptop_elementIntel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-32543
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.91%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the Intel(R) ITS sofware before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-intelligent_test_systemIntel(R) ITS sofware
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-32663
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.91%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-15 Oct, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-realsense_software_development_kitIntel(R) RealSense(TM) SDKs in version 2.53.1
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-28739
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 15.30%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-07 Jan, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-chipset_device_softwareIntel(R) Chipset Driver Softwarechipset_driver_software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-28966
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.85%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: Local low-privileged user with shell access can execute CLI commands as root

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedJunos OS Evolved
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-27305
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-02 Aug, 2024 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windowsarc_a_graphicsiris_xe_graphicsIntel(R) Arc(TM) Control software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-28079
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.04% / 10.48%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 15:20
Updated-10 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-powerpathPowerPath Windows
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-27382
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.41%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-nuc_p14e_laptop_elementwindows_10Intel(R) NUC P14E Laptop Element software for Windows 10
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-3579
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.56%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 13:50
Updated-16 Sep, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe

Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.

Action-Not Available
Vendor-Bitdefender
Product-total_securityendpoint_security_toolsENdpoint Security Tools for WindowsTotal Security
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-25941
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.34%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 10:22
Updated-11 Feb, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-25542
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.04% / 10.87%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 06:17
Updated-10 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-trusted_device_agent Dell Trusted Device Client
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-24460
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.12% / 31.22%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-23 Jan, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzersIntel(R) GPA software installersgraphics_performance_analyzer
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-23583
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 8.77%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/LinuxNetApp, Inc.
Product-core_i5-1145gre_firmwarexeon_d-2796tecore_i7-11850he_firmwarexeon_d-1627_firmwarecore_i7-11370h_firmwarexeon_d-2738core_i7-11700fxeon_platinum_8362core_i7-1160g7core_i5-1035g7xeon_gold_6338core_i7-10850hxeon_d-2777nxxeon_d-1527xeon_gold_6338t_firmwarexeon_d-2766ntcore_i7-1185grecore_i3-1125g4_firmwarecore_i7-11375hcore_i7-11800h_firmwarecore_i7-10870h_firmwarexeon_silver_4309yxeon_platinum_8352yxeon_platinum_8380h_firmwarecore_i3-1110g4_firmwarexeon_platinum_8360hl_firmwarecore_i5-11600_firmwarexeon_d-1746ter_firmwarexeon_gold_6354_firmwarexeon_d-2163it_firmwarecore_i5-1140g7_firmwarecore_i3-1110g4core_i5-10210uxeon_gold_6326xeon_d-2776ntxeon_d-1527_firmwarexeon_d-1521_firmwarexeon_d-2798ntxeon_d-1733ntxeon_gold_5317_firmwarecore_i5-10200hxeon_d-1557_firmwarexeon_d-2775te_firmwarecore_i9-11900kf_firmwarexeon_d-2766nt_firmwarexeon_silver_4316core_i5-1035g4core_i5-10400hcore_i7-11700xeon_d-1518xeon_gold_5318y_firmwarecore_i7-10510u_firmwarexeon_d-1714core_i3-10100yxeon_d-2799_firmwarexeon_d-2745nx_firmwarexeon_d-2143itxeon_gold_6348_firmwarexeon_d-2163itcore_i7-11370hcore_i5-10310uxeon_gold_5318s_firmwarecore_i9-11900txeon_d-1734nt_firmwarexeon_d-2161i_firmwarexeon_d-2779_firmwarecore_i7-1195g7_firmwarecore_i5-11600tcore_i5-10310y_firmwarexeon_d-1567_firmwarecore_i7-11850hxeon_d-1567core_i9-11900xeon_d-2777nx_firmwarecore_i7-10510yxeon_platinum_8380hcore_i7-1185g7e_firmwarexeon_d-2173it_firmwarecore_i3-10110ucore_i7-11800hxeon_platinum_8376hxeon_d-1746terxeon_gold_6312u_firmwarexeon_gold_6330xeon_platinum_8362_firmwarecore_i5-10310u_firmwarexeon_silver_4310t_firmwarexeon_d-1531_firmwarexeon_gold_6314ucore_i7-10610u_firmwarexeon_d-2123it_firmwarecore_i5-1155g7core_i7-10710u_firmwarexeon_d-1715tercore_i9-11950hcore_i7-11850hecore_i5-11600core_i5-10300hxeon_d-1571xeon_d-1736_firmwarexeon_platinum_8353hcore_i9-10980hkxeon_gold_6348hcore_i3-1005g1_firmwarexeon_gold_6338_firmwarexeon_d-2173itcore_i7-11700txeon_d-2123itxeon_d-1731nte_firmwarecore_i7-10510ucore_i3-10100y_firmwarexeon_d-2177nt_firmwarexeon_d-1627xeon_d-1533n_firmwarecore_i5-11400h_firmwarexeon_d-2796ntxeon_silver_4309y_firmwarecore_i9-11900hxeon_gold_5320hxeon_platinum_8358p_firmwarecore_i5-11600k_firmwarexeon_gold_5320xeon_platinum_8360yxeon_d-2779xeon_gold_6330h_firmwarexeon_d-1602core_i5-11500h_firmwarecore_i3-11100hecore_i9-11900kxeon_d-1712trxeon_d-1539xeon_d-2796te_firmwarefas9500_firmwarexeon_gold_6338txeon_d-1713ntecore_i7-11700k_firmwarexeon_d-2752ter_firmwarexeon_gold_5318sxeon_d-2733nt_firmwarexeon_d-1649n_firmwarexeon_d-2146ntxeon_d-1577_firmwarecore_i5-11500t_firmwarexeon_platinum_8356h_firmwarecore_i7-1160g7_firmwarexeon_d-2145nt_firmwarecore_i7-11600h_firmwarexeon_d-1726_firmwarexeon_d-2187ntxeon_d-1732texeon_d-2712txeon_d-1537_firmwarecore_i7-10750h_firmwarexeon_d-1541_firmwarecore_i3-1115gre_firmwarexeon_platinum_8380hlxeon_gold_5318nxeon_d-2166nt_firmwarecore_i9-10885hxeon_d-2166ntcore_i5-11400txeon_d-2776nt_firmwarexeon_d-1732te_firmwarecore_i7-1180g7_firmwarexeon_platinum_8358pcore_i5-11300hcore_i9-11900kfxeon_d-2712t_firmwarecore_i5-1145g7core_i3-1125g4xeon_gold_6328h_firmwarexeon_d-1623n_firmwarecore_i7-10750hxeon_d-1548_firmwarexeon_d-1713nte_firmwarexeon_gold_6328hl_firmwarexeon_gold_6342_firmwarexeon_gold_5317core_i7-10875hxeon_d-2183itxeon_platinum_8358_firmwarexeon_platinum_8352m_firmwarexeon_d-1622xeon_d-1559_firmwarexeon_gold_6348h_firmwarexeon_platinum_8356hcore_i9-11900k_firmwarecore_i5-10400h_firmwarexeon_d-2145ntcore_i5-1035g7_firmwarexeon_platinum_8360y_firmwarecore_i5-11400t_firmwarecore_i3-1115g4core_i7-11700f_firmwarefas2820_firmwarexeon_d-1529_firmwarexeon_d-1540_firmwarexeon_d-1637_firmwarexeon_gold_5318h_firmwarexeon_d-1733nt_firmwarexeon_d-2733ntxeon_gold_5320tcore_i5-10210ycore_i5-1140g7xeon_gold_6312uxeon_gold_5320h_firmwarexeon_d-2142it_firmwarexeon_d-2143it_firmwarecore_i5-10210u_firmwarexeon_d-1736xeon_d-1735trxeon_d-1513n_firmwarecore_i3-10110yxeon_d-2795nt_firmwarecore_i5-11400fxeon_d-2752ntexeon_d-1523n_firmwarecore_i5-11500_firmwarexeon_d-2753nt_firmwarexeon_gold_5318n_firmwarexeon_platinum_8352y_firmwarexeon_silver_4314core_i5-1145grecore_i7-1180g7core_i5-11600kfcore_i5-10500h_firmwarexeon_platinum_8358core_i7-11700kfxeon_gold_5315ycore_i7-10870hcore_i9-11950h_firmwarexeon_platinum_8352s_firmwarecore_i5-1035g1core_i5-11260h_firmwarexeon_platinum_8354hcore_i9-11900_firmwarecore_i5-11400f_firmwarexeon_silver_4310_firmwarexeon_gold_6338n_firmwarexeon_d-1718tcore_i3-10110y_firmwarecore_i5-1035g4_firmwarecore_i7-1185g7core_i7-1195g7core_i5-11500txeon_gold_6326_firmwarecore_i7-1165g7xeon_platinum_8351n_firmwarexeon_d-1523nxeon_d-2786nte_firmwarecore_i5-11600kcore_i9-11900h_firmwarecore_i7-11390hxeon_d-2786ntexeon_d-1540xeon_platinum_8368xeon_d-1653ncore_i7-11700kxeon_d-1528xeon_d-1637xeon_d-1577core_i7-11700_firmwarecore_i5-1130g7_firmwarexeon_d-1715ter_firmwarexeon_silver_4310txeon_platinum_8380core_i7-10710uxeon_d-2141ixeon_d-1541xeon_gold_6314u_firmwaredebian_linuxcore_i3-11100he_firmwarexeon_d-1543n_firmwarexeon_platinum_8351nxeon_platinum_8376hl_firmwarecore_i5-11500he_firmwarexeon_d-1633n_firmwarexeon_gold_6330n_firmwarecore_i5-1145g7_firmwarexeon_d-1722ne_firmwarexeon_gold_6336yxeon_platinum_8352vxeon_d-1747ntecore_i5-10210y_firmwarexeon_d-2757nx_firmwarexeon_d-1653n_firmwarexeon_d-1734ntcore_i5-11400hxeon_d-1735tr_firmwarexeon_d-1747nte_firmwarexeon_d-1553nxeon_d-1571_firmwarecore_i9-11900t_firmwarexeon_d-1633nxeon_platinum_8360hlcore_i5-11400_firmwarexeon_d-1548core_i9-11900fxeon_d-1649nxeon_d-1529xeon_platinum_8380_firmwarecore_i7-10510y_firmwarexeon_gold_6330_firmwarecore_i7-11600hcore_i7-11390h_firmwarecore_i9-11980hkxeon_d-1518_firmwarexeon_gold_5320_firmwarexeon_d-2738_firmwarecore_i7-1165g7_firmwarexeon_platinum_8380hl_firmwarexeon_platinum_8360h_firmwarexeon_d-2757nxxeon_d-1713ntcore_i3-1115g4e_firmwarexeon_gold_6354xeon_gold_6336y_firmwarexeon_d-1520xeon_d-2752tercore_i5-1130g7xeon_platinum_8354h_firmwarexeon_d-2799xeon_platinum_8352mcore_i3-1120g4xeon_d-2146nt_firmwarexeon_d-2795ntcore_i3-1120g4_firmwarecore_i5-10310yxeon_d-1739_firmwarexeon_gold_6330hxeon_d-1736ntxeon_d-1713nt_firmwarexeon_gold_5318hxeon_d-1520_firmwarecore_i5-10500hxeon_platinum_8376hlxeon_silver_4316_firmwarecore_i7-1185g7_firmwarexeon_d-2798nt_firmwarexeon_d-1623ncore_i7-10810u_firmwarecore_i5-11600kf_firmwarecore_i5-11320hxeon_d-1531core_i7-10810ucore_i7-11700kf_firmwarecore_i3-1115g4_firmwarexeon_d-1533ncore_i7-11375h_firmwarexeon_d-1722nexeon_gold_6346core_i7-10875h_firmwarecore_i3-1115grexeon_d-2142itcore_i5-11500hxeon_d-1718t_firmwarecore_i7-10610ucore_i5-1035g1_firmwarexeon_d-1622_firmwarexeon_gold_6338ncore_i7-1065g7_firmwarecore_i5-1135g7_firmwarexeon_d-2796nt_firmwareaffa900_firmwarexeon_platinum_8360hxeon_gold_5315y_firmwarecore_i5-11260hxeon_d-1749nt_firmwarexeon_d-1702_firmwarexeon_d-2161iaffa900core_i5-10300h_firmwarexeon_d-2141i_firmwarecore_i3-1115g4ecore_i7-11850h_firmwarexeon_gold_6348xeon_gold_6330ncore_i5-11600t_firmwarecore_i5-10200h_firmwarecore_i9-11900f_firmwarecore_i5-11300h_firmwarexeon_platinum_8368_firmwarecore_i9-11980hk_firmwarecore_i7-11700t_firmwarexeon_d-2798nxxeon_platinum_8352v_firmwarecore_i9-10885h_firmwarexeon_d-2745nxcore_i5-1145g7exeon_gold_5320t_firmwarecore_i5-11500hexeon_d-1748tecore_i5-1145g7e_firmwarexeon_silver_4310core_i7-1185gre_firmwarexeon_silver_4314_firmwarexeon_d-1513nxeon_d-1537xeon_gold_6334xeon_d-2187nt_firmwarexeon_d-2752nte_firmwarecore_i5-11500core_i5-1135g7xeon_d-1739fas2820core_i3-10110u_firmwarexeon_d-1543nxeon_d-1528_firmwarexeon_d-1539_firmwarexeon_d-1559xeon_d-1702xeon_d-1521fas9500xeon_gold_6342xeon_d-1748te_firmwarexeon_d-1749ntxeon_platinum_8353h_firmwarexeon_platinum_8376h_firmwarexeon_d-1712tr_firmwarexeon_d-2798nx_firmwarecore_i7-1185g7exeon_platinum_8352sxeon_gold_6346_firmwarexeon_gold_5318ycore_i3-1005g1xeon_gold_6328hxeon_d-2183it_firmwarexeon_d-2753ntxeon_d-1557xeon_d-2775tecore_i5-11400xeon_gold_6334_firmwarexeon_d-1731ntecore_i7-10850h_firmwarecore_i7-1065g7xeon_d-1714_firmwarexeon_d-1736nt_firmwarexeon_d-1602_firmwarexeon_gold_6328hlxeon_d-1726core_i9-10980hk_firmwarexeon_d-2177ntxeon_d-1553n_firmwareIntel(R) Processors
CWE ID-CWE-1281
Sequence of Processor Instructions Leads to Unexpected Behavior
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-21270
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.48%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 18:00
Updated-18 Dec, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndrioidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21107
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.66%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-24 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • Next
Details not found