Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-36495

Summary
Assigner-SEC-VLab
Assigner Org ID-551230f0-3615-47bd-b7cc-93e92e730bbf
Published At-24 Jun, 2024 | 08:50
Updated At-13 Feb, 2025 | 17:52
Rejected At-
Credits

Read/Write Permissions for Everyone on Configuration File

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:SEC-VLab
Assigner Org ID:551230f0-3615-47bd-b7cc-93e92e730bbf
Published At:24 Jun, 2024 | 08:50
Updated At:13 Feb, 2025 | 17:52
Rejected At:
▼CVE Numbering Authority (CNA)
Read/Write Permissions for Everyone on Configuration File

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd

Affected Products
Vendor
Faronics
Product
WINSelect (Standard + Enterprise)
Default Status
affected
Versions
Unaffected
  • 8.30.xx.903 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-276CWE-276 Incorrect Default Permissions
Type: CWE
CWE ID: CWE-276
Description: CWE-276 Incorrect Default Permissions
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-75CAPEC-75 Manipulating Writeable Configuration Files
CAPEC ID: CAPEC-75
Description: CAPEC-75 Manipulating Writeable Configuration Files
Solutions

The vendor provides a patched version 8.30.xx.903 since May 2024 which can be downloaded from the following URL: https://www.faronics.com/document-library/document/download-winselect-standard   The vendor provided the following changelog: https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes

Configurations
Workarounds
Exploits
Credits
finder
Daniel Hirschberger | SEC Consult Vulnerability Lab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/winselect
third-party-advisory
https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
release-notes
http://seclists.org/fulldisclosure/2024/Jun/12
N/A
Hyperlink: https://r.sec-consult.com/winselect
Resource:
third-party-advisory
Hyperlink: https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
Resource:
release-notes
Hyperlink: http://seclists.org/fulldisclosure/2024/Jun/12
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
faronics
Product
winselect
CPEs
  • cpe:2.3:a:faronics:winselect:*:*:*:*:*:*:*:*
Default Status
affected
Versions
Unaffected
  • From 0 before 8.30.xx.903 (custom)
Metrics
VersionBase scoreBase severityVector
3.17.7HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/winselect
third-party-advisory
x_transferred
https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
release-notes
x_transferred
http://seclists.org/fulldisclosure/2024/Jun/12
x_transferred
Hyperlink: https://r.sec-consult.com/winselect
Resource:
third-party-advisory
x_transferred
Hyperlink: https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
Resource:
release-notes
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Jun/12
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:551230f0-3615-47bd-b7cc-93e92e730bbf
Published At:24 Jun, 2024 | 09:15
Updated At:08 Jul, 2024 | 14:18

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.7HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-276Secondary551230f0-3615-47bd-b7cc-93e92e730bbf
CWE ID: CWE-276
Type: Secondary
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2024/Jun/12551230f0-3615-47bd-b7cc-93e92e730bbf
N/A
https://r.sec-consult.com/winselect551230f0-3615-47bd-b7cc-93e92e730bbf
N/A
https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes551230f0-3615-47bd-b7cc-93e92e730bbf
N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Jun/12
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Resource: N/A
Hyperlink: https://r.sec-consult.com/winselect
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Resource: N/A
Hyperlink: https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2020-8022
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-7.7||HIGH
EPSS-0.20% / 42.74%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 08:20
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

Action-Not Available
Vendor-The Apache Software FoundationopenSUSESUSE
Product-linux_enterprise_serveropenstack_cloudtomcatenterprise_storageopenstack_cloud_crowbarleapSUSE Linux Enterprise Server 12-SP5SUSE OpenStack Cloud Crowbar 8SUSE Linux Enterprise Server 12-SP4SUSE Linux Enterprise Server 12-SP2-BCLSUSE Linux Enterprise Server for SAP 12-SP3SUSE OpenStack Cloud 7SUSE Linux Enterprise Server 15-LTSSSUSE Linux Enterprise Server for SAP 12-SP2SUSE Linux Enterprise Server 12-SP3-LTSSSUSE Linux Enterprise Server 12-SP3-BCLSUSE Enterprise Storage 5SUSE OpenStack Cloud 8SUSE Linux Enterprise Server 12-SP2-LTSSSUSE Linux Enterprise Server for SAP 15
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-37000
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.7||HIGH
EPSS-0.02% / 2.33%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 06:47
Updated-18 Mar, 2025 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei wearables have a permission management vulnerability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-255
Not Available
CVE-2024-40805
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.7||HIGH
EPSS-0.03% / 6.72%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 22:17
Updated-10 Dec, 2024 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to bypass Privacy preferences.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacoswatchOStvOSmacOSiOS and iPadOSiosipad_oswatchostvosmacos
CWE ID-CWE-281
Improper Preservation of Permissions
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-27155
Matching Score-4
Assigner-Toshiba Corporation
ShareView Details
Matching Score-4
Assigner-Toshiba Corporation
CVSS Score-7.7||HIGH
EPSS-0.06% / 19.37%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 03:18
Updated-13 Feb, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation and Remote Code Execution using insecure permissions

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL.

Action-Not Available
Vendor-Toshiba Tec Corporationtoshibatec
Product-Toshiba Tec e-Studio multi-function peripheral (MFP)e-studio-4528-age-studio-2020_ace-studio-3115-nce-studio-2110-ace-studio-2015-nce-studio-3015-nce-studio-2510-ace-studio-3028-ae-studio-5525_ace-studio-5528-ae-studio-2515-nce-studio-4515_ace-studio-2518_ae-studio-400-ace-studio-3118_ae-studio-3525_ace-studio-3118_age-studio-2528-ae-studio-4615_ace-studio-2520_nce-studio-2618_ae-studio-9029-ae-studio-3018_ae-studio-7527-ace-studio-4525_ace-studio-2018_ae-studio-2021_ace-studio-2521_ace-studio-3025_ace-studio-6525_ace-studio-3528-age-studio-6527-ace-studio-2610-ace-studio-5015_ace-studio-6529-ae-studio-3515-nce-studio-6528-ae-studio-3528-ae-studio-3615-nce-studio-7529-ae-studio-2010-ace-studio-4528-ae-studio-2615-nce-studio-6526-ace-studio-5525_acge-studio-330-ace-studio-5115_ace-studio-2525_ace-studio-6525_acge-studio-3525_acg
CWE ID-CWE-276
Incorrect Default Permissions
Details not found