Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-50590

Summary
Assigner-SEC-VLab
Assigner Org ID-551230f0-3615-47bd-b7cc-93e92e730bbf
Published At-08 Nov, 2024 | 11:45
Updated At-08 Nov, 2024 | 15:35
Rejected At-
Credits

Local Privilege Escalation via Weak Service Binary Permissions

Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as “NT AUTHORITY\SYSTEM”.  Path: C:\Elefant1\Firebird_2\bin\fbserver.exe Path: C:\Elefant1\Firebird_2\bin\fbguard.exe Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM".

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:SEC-VLab
Assigner Org ID:551230f0-3615-47bd-b7cc-93e92e730bbf
Published At:08 Nov, 2024 | 11:45
Updated At:08 Nov, 2024 | 15:35
Rejected At:
▼CVE Numbering Authority (CNA)
Local Privilege Escalation via Weak Service Binary Permissions

Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as “NT AUTHORITY\SYSTEM”.  Path: C:\Elefant1\Firebird_2\bin\fbserver.exe Path: C:\Elefant1\Firebird_2\bin\fbguard.exe Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM".

Affected Products
Vendor
HASOMED
Product
Elefant
Default Status
unaffected
Versions
Affected
  • <24.04.00 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-276CWE-276 Incorrect Default Permissions
CWECWE-732CWE-732 Incorrect Permission Assignment for Critical Resource
CWECWE-250CWE-250 Execution with Unnecessary Privileges
Type: CWE
CWE ID: CWE-276
Description: CWE-276 Incorrect Default Permissions
Type: CWE
CWE ID: CWE-732
Description: CWE-732 Incorrect Permission Assignment for Critical Resource
Type: CWE
CWE ID: CWE-250
Description: CWE-250 Execution with Unnecessary Privileges
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-642CAPEC-642 Replace Binaries
CAPEC ID: CAPEC-642
Description: CAPEC-642 Replace Binaries
Solutions

The vendor fixed the issue in version 24.04.00 (or higher) which can be downloaded from hasomed.de/produkte/elefant/ https://hasomed.de/produkte/elefant/ or via the Elefant Software Updater.

Configurations
Workarounds

While workarounds such as modifying the Elefant windows firewall rules and manually adjusting file permissions in the installation folder are feasible workarounds for some of the vulnerabilities, it is recommended to install the patches provided by the vendor.

Exploits
Credits
finder
Tobias Niemann, SEC Consult Vulnerability Lab
finder
Daniel Hirschberger, SEC Consult Vulnerability Lab
finder
Florian Stuhlmann, SEC Consult Vulnerability Lab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/hasomed
third-party-advisory
https://hasomed.de/produkte/elefant/
patch
Hyperlink: https://r.sec-consult.com/hasomed
Resource:
third-party-advisory
Hyperlink: https://hasomed.de/produkte/elefant/
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
hasomed
Product
elefant
CPEs
  • cpe:2.3:a:hasomed:elefant:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 24.04.00 (custom)
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:551230f0-3615-47bd-b7cc-93e92e730bbf
Published At:08 Nov, 2024 | 12:15
Updated At:08 Nov, 2024 | 19:01

Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as “NT AUTHORITY\SYSTEM”.  Path: C:\Elefant1\Firebird_2\bin\fbserver.exe Path: C:\Elefant1\Firebird_2\bin\fbguard.exe Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM".

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-250Secondary551230f0-3615-47bd-b7cc-93e92e730bbf
CWE-276Secondary551230f0-3615-47bd-b7cc-93e92e730bbf
CWE-732Secondary551230f0-3615-47bd-b7cc-93e92e730bbf
CWE ID: CWE-250
Type: Secondary
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
CWE ID: CWE-276
Type: Secondary
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
CWE ID: CWE-732
Type: Secondary
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://hasomed.de/produkte/elefant/551230f0-3615-47bd-b7cc-93e92e730bbf
N/A
https://r.sec-consult.com/hasomed551230f0-3615-47bd-b7cc-93e92e730bbf
N/A
Hyperlink: https://hasomed.de/produkte/elefant/
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Resource: N/A
Hyperlink: https://r.sec-consult.com/hasomed
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

683Records found
CVE-2020-8018
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-8.4||HIGH
EPSS-0.03% / 5.72%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 11:35
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User owned /etc in SLES15-SP1-CHOST-BYOS

A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions;

Action-Not Available
Vendor-SUSE
Product-linux_enterprise_desktopSUSE Linux Enterprise Server 15 SP1
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-7527
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.80%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 16:13
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.

Action-Not Available
Vendor-n/a
Product-somoveSoMove V2.8.1 and prior
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-8026
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.58%
||
7 Day CHG~0.00%
Published-07 Aug, 2020 | 09:25
Updated-16 Sep, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
inn: non-root owned files

A Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE Tumbleweed inn version 2.6.2-4.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.3.3.1 and prior versions.

Action-Not Available
Vendor-openSUSE
Product-backports_sletumbleweedleapopenSUSE Leap 15.2openSUSE Leap 15.1openSUSE Tumbleweed
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-7314
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-8.2||HIGH
EPSS-0.03% / 6.10%
||
7 Day CHG~0.00%
Published-10 Sep, 2020 | 09:50
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation vulnerability in McAfee DXL for Mac

Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files.

Action-Not Available
Vendor-McAfee, LLC
Product-mcafee_agentMcAfee DXL for Mac shipped with MA
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-50612
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.70%
||
7 Day CHG~0.00%
Published-06 Jan, 2024 | 00:00
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter.

Action-Not Available
Vendor-n/aFIT2CLOUD Inc.
Product-cloudexplorer_liten/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-8022
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-7.7||HIGH
EPSS-0.20% / 42.74%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 08:20
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

Action-Not Available
Vendor-The Apache Software FoundationopenSUSESUSE
Product-linux_enterprise_serveropenstack_cloudtomcatenterprise_storageopenstack_cloud_crowbarleapSUSE Linux Enterprise Server 12-SP5SUSE OpenStack Cloud Crowbar 8SUSE Linux Enterprise Server 12-SP4SUSE Linux Enterprise Server 12-SP2-BCLSUSE Linux Enterprise Server for SAP 12-SP3SUSE OpenStack Cloud 7SUSE Linux Enterprise Server 15-LTSSSUSE Linux Enterprise Server for SAP 12-SP2SUSE Linux Enterprise Server 12-SP3-LTSSSUSE Linux Enterprise Server 12-SP3-BCLSUSE Enterprise Storage 5SUSE OpenStack Cloud 8SUSE Linux Enterprise Server 12-SP2-LTSSSUSE Linux Enterprise Server for SAP 15
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-5895
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.54%
||
7 Day CHG~0.00%
Published-07 May, 2020 | 12:28
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed messages to the socket.

Action-Not Available
Vendor-n/aF5, Inc.
Product-nginx_controllerNGINX Controller
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-5974
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.57%
||
7 Day CHG~0.00%
Published-08 Jul, 2020 | 22:55
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetpack_software_development_kitNVIDIA Jetson AGX Xavier, TX1, TX2, and Nano L4T
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-5798
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.24%
||
7 Day CHG~0.00%
Published-07 Dec, 2020 | 12:44
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions.

Action-Not Available
Vendor-druvan/a
Product-insyncDruva inSync macOS Client Installers for v6.8.0 and prior
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2023-50236
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.29%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 09:00
Updated-07 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Siemens AG
Product-polarion_almPolarion ALM
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-6295
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7||HIGH
EPSS-0.12% / 31.31%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 13:28
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure.

Action-Not Available
Vendor-SAP SE
Product-adaptive_server_enterpriseSAP Adaptive Server Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-5385
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.33%
||
7 Day CHG~0.00%
Published-18 Aug, 2020 | 20:40
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-22516
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.12%
||
7 Day CHG~0.00%
Published-07 Apr, 2022 | 18:21
Updated-17 Sep, 2024 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS driver SysDrv3S allows SYSTEM users on Microsoft Windows to read and write in restricted memory space.

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.

Action-Not Available
Vendor-CODESYS GmbHMicrosoft Corporation
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_rte_slwindowscontrol_win_slCODESYS Control RTE (SL)CODESYS Control Win (SL)CODESYS Control RTE (for Beckhoff CX) SLCODESYS Development System V3
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-23453
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.25%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:34
Updated-27 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.

Action-Not Available
Vendor-HP Inc.
Product-support_assistantHP Support Assistant
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-22960
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-74.63% / 98.81%
||
7 Day CHG~0.00%
Published-13 Apr, 2022 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-06||Apply updates per vendor instructions.

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Linux Kernel Organization, Inc
Product-linux_kernelcloud_foundationworkspace_one_accessidentity_managervrealize_suite_lifecycle_managervrealize_automationVMware Workspace ONE Access, Identity Manager and vRealize AutomationMultiple Products
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-50446
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.93%
||
7 Day CHG~0.00%
Published-10 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM.

Action-Not Available
Vendor-mullvadn/a
Product-mullvad_vpnn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-4270
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.15% / 35.61%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadarQradar
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-26839
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.96%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 16:37
Updated-16 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Delta Electronics DIAEnergie Incorrect Default Permissions

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-diaenergieDIAEnergie
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-4278
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.08% / 24.69%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 15:20
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137.

Action-Not Available
Vendor-IBM Corporation
Product-platform_lsfspectrum_lsfspectrum_computing_for_high_performance_analyticsSpectrum LSFSpectrum Computing Suite for High Performance AnalyticsSpectrum LSF Suites
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-26344
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.28%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 19:58
Updated-25 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-single_event_apiversion
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-22148
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.12%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 09:10
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-centum_vp_firmwarecentum_cs_3000_firmwarecentum_vpcentum_cs_3000centum_cs_3000_entry_firmwarecentum_vp_entrycentum_cs_3000_entrycentum_vp_entry_firmwareexaopcCENTUM CS 3000ExaopcCENTUM VP
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-22141
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.80%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 09:10
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-centum_vp_firmwarecentum_cs_3000_firmwarecentum_vpcentum_cs_3000centum_cs_3000_entry_firmwarecentum_vp_entrycentum_cs_3000_entrycentum_vp_entry_firmwareexaopcCENTUM CS 3000ExaopcCENTUM VP
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-20441
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.72%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-238605611

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-3948
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.15%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 17:17
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-workstationfusionFusionWorkstation
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2008-0322
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.81% / 73.24%
||
7 Day CHG~0.00%
Published-13 May, 2008 | 20:14
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-20611
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.11%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20452
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.50%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240138318

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20456
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.70%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703780

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-3961
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.94%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 15:18
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Microsoft Corporation
Product-windowshorizon_clientVMware Horizon Client for Windows
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-20732
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.87%
||
7 Day CHG~0.00%
Published-21 Apr, 2022 | 18:55
Updated-06 Nov, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-virtualized_infrastructure_managerCisco Virtualized Infrastructure Manager
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-3626
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.59%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 07:10
Updated-04 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150msm8917sdm670sxr2130qcs605_firmwaresdm670_firmwaresdm636apq8098qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwareqca6574au_firmwaresda660sxr1130_firmwaresxr1130msm8909wapq8053_firmwarenicobarmsm8920msm8953sdm450sdm636_firmwareapq8098_firmwaremsm8998_firmwaresdm660msm8920_firmwaresdm630sm8250_firmwareqca6574ausdm710qm215sdm710_firmwaremsm8937msm8905sm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8940apq8053apq8096au_firmwaremsm8953_firmwaresaipan_firmwaremsm8917_firmwaresm6150_firmwaremsm8998sm8150sm8250nicobar_firmwaresaipansdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-47712
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.90%
||
7 Day CHG~0.00%
Published-11 May, 2024 | 13:15
Updated-14 Jan, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium privilege escalation

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated privileges on the system due to improper permissions control. IBM X-Force ID: 271527.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumSecurity Guardiumsecurity_guardium
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-20435
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.91%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Unauthorized service in the system service, may cause the system reboot. Since the component does not have permission check and permission protection, resulting in EoP problem.Product: AndroidVersions: Android SoCAndroid ID: A-242248367

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-36233
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.21%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 15:16
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

Action-Not Available
Vendor-Microsoft CorporationAtlassian
Product-windowsbitbucketBitbucket ServerBitbucket Data Center
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-20398
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.27%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 19:15
Updated-03 Aug, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221859734

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-3766
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.81%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 17:30
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsgenuine_integrity_serviceAdobe Genuine Integrity Service
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-0483
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to insecure folder permissions

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowsvss_doctorAcronis VSS Doctor
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-4706
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.50%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:59
Updated-02 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-preload_directory1Lenovo Preload Directory
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-1316
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.60%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 20:05
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Permission Assignment for Critical Resource in zerotier/zerotierone

Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation

Action-Not Available
Vendor-zerotierzerotierMicrosoft Corporation
Product-windowszerotieronezerotier/zerotierone
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-1038
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.55%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 20:38
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.

Action-Not Available
Vendor-HP Inc.
Product-laptop_17-by0xxxomen_15-ax0xxlaptop_15q-dy1xxxenvy_laptop_17m-ae0xxenvy_x360_convertible_pc_15m-bp1xxnotebook_pc_15-be1xx250_g6_notebook_pcenvy_laptop_17m-bw0xxxomen_15-ax1xxnotebook_14-au0xxprobook_640_g3laptop_14s-dy0xxxprodesk_600_g3_microtower_pcnotebook_14-aq1xxomen_17-an1xxconvertible_x360_11-ab1xxstream_11_pro_g3_notebook_pcengage_one_aio_systempavilion_x360_convertible_11m-ad1xxelitebook_850_g3prodesk_480_g5_microtower_pcelitedesk_800_g4_sffspectre_x360_convertible_15-ap0xxnotebook_15-bf1xxlaptop_14-bw0xxstream_laptop_11-y1xxlaptop_14q-bu1xxprobook_455_g6pavilion_x360_convertible_15-dq0xxxpavilion_notebook_17-ab3xxlaptop_15g-dx0xxxomen_17-an0xxlaptop_15s-fy0xxxprobook_650_g2zbook_17_g4envy_notebook_17-u1xxconvertible_x360_11-ab0xxpavilion_laptop_14-ce1xxxlaptop_15-dy0xxxzbook_15_g3laptop_14q-cy0xxxpavilion_x360_convertible_14-cc0xxspectre_x360_convertible_15-bl1xxlaptop_14-bp1xxlaptop_14-cf0xxxpavilion_laptop_14-bk0xxx360_310_g2_convertible_pcelitebook_840r_g4elitedesk_705_g2_mt_sffspectre_x360_convertible_13-w0xxprodesk_400_g4_microtowerlaptop_15-di0xxxlaptop_15-bs5xxenvy_notebook_17-s1xxlaptop_14s-cr0xxxpavilion_gaming_laptop_15-cx0xxxeliteone_800_g2pavilion_x360_convertible_14q-dh0xxxenvy_laptop_13-ah0xxxprobook_450_g3envy_x360_convertible_m6-ar0xxpavilion_laptop_15-cc7xxprobook_470_g4stream_14_pro_notebook_pcnotebook_14-ar0xxprodesk_600_g2_dmelitebook_725_g4laptop_14s-dk0xxxpavilion_15-bc000_notebook_pc_series_\(touch\)290_g1_microtower_pclaptop_15-db0xxxpavilion_x360_convertible_11-ad1xxprodesk_480_g4_microtower_pcpavilion_gaming_laptop_15-dk0xxxproone_440_g4zbook_15u_g3envy_x360_convertible_13-y0xxlaptop_15q-bu1xxpavilion_x360_convertible_15-br0xxzhan_66_pro_15_g2laptop_14-bs1xxpavilion_14_g1_notebook_pcpavilion_x360_convertible_14m-dh0xxxlaptop_14s-dm0xxxlaptop_14s-bc1xxproone_600_g2laptop_14s-dr0xxxelitedesk_800_g2_sffnotebook_17-x1xxpavilion_x360_convertible_14q-cd1xxxprodesk_400_g5_microtowerenvy_x360_convertible_15-w2xxelitebook_745_g5notebook_14-as0xxlaptop_15g-dr0xxxomen_17-cb0xxxlaptop_17-ak0xxenvy_x360_convertible_pc_15m-bp0xxprobook_430_g4laptop_14g-cr0xxxnotebook_17-ad1xxpavilion_notebook_17-ab0xxlaptop_15g-br0xxpavilion_x360_convertible_14m-ba1xxelitebook_755_g5envy_notebook_15-as1xxlaptop_14q-cy1xxxstream_14-ax000_laptop_pcstream_11_pro_g4pavilion_x360_convertible_11-u1xx15-f200_notebook_pc_touchprobook_440_g3laptop_15-bs1xxnotebook_14-an0xxlaptop_14s-bc0xxpavilion_x360_convertible_15-bk1xxnotebook_14-am1xxenvy_x360_convertible_15m-dr0xxxpro_tablet_608_g1notebook_15-f3xxnotebook_14-ar1xxlaptop_15-ra0xxzbook_14u_g4pro_x2_612_g2260_g3_desktop_minilaptop_14s-bp0xxpavilion_x360_convertible_m1-u0xxprodesk_680_g2_microtower_pcelitedesk_800_65w_g2_desktop_mini_pcpavilion_x360_convertible_14-cc1xxzhan_99_g1_mobile_workstationeliteone_1000_g2pavilion_15-bc000_notebook_pc_seriesenvy_x360_convertible_15m-cn0xxxpavilion_laptop_14-bf0xxlaptop_15g-bx0xxnotebook_14-aq0xxpavilion_notebook_15-bc3xxprobook_430_g3probook_11_g2250_g5_notebook_pc260_g3_desktop_mini_pcspectre_x2_detachable_12-c0xxprodesk_400_g3_sfflaptop_14g-br1xxlaptop_15s-dr0xxxlaptop_15-bs2xxnotebook_15-bg1xxelitebook_725_g3elitebook_1030_g1envy_laptop_17m-ce0xxxpavilion_laptop_15-cs0xxxpavilion_laptop_17-ar0xxenvy_x360_convertible_15-aq1xxprodesk_400_g3_dmspectre_folio_convertible_13-ak0xxxprodesk_600_g3_desktop_minipavilion_laptop_15-ck0xx280_g3_pci_microtower_pcelitedesk_800_g3_sff255_g7_notebook_pcelitebook_745_g4probook_650_g3envy_laptop_17-ce0xxxelitebook_revolve_810_g3elitebook_846_g5pavilion_notebook_15-dp0xxx255_g5_notebook_pcnotebook_15-ba0xxlaptop_14-di0xxxelitebook_1050_g1laptop_14-dk0xxxspectre_pro_x360_g2_convertible_pcelitedesk_800_35w_g2_desktop_mini_pclaptop_17-ca0xxxpavilion_x360_14_g1_convertible_pcenvy_x360_convertible_15-bq0xx255_g6_notebook_pcpavilion_laptop_15-cs1xxxlaptop_14-di1xxxpavilion_laptop_14-ce0xxxzbook_17_g2notebook_17-x0xx240_g5_notebook_pcprobook_455_g3probook_655_g2vr_backpack_g2zhan_66_pro_a_g1spectre_x360_convertible_15-ch0xx288_pro_g3_microtower_pcelitedesk_880_g4_tower_pcelitebook_840_g5_healthcare_editionlaptop_15-dw0xxxpavilion_x360_convertible_11m-ad0xxstream_laptop_11-ak0xxxelitebook_830_g5zbook_15_g2laptop_14-cm1xxxenvy_x360_convertible_15-cn0xxxlaptop_14s-be0xxzbook_studio_g4probook_446_g3envy_laptop_17m-ae1xxlaptop_14q-bu0xxlaptop_14s-cs1xxxomen_15-dc0xxxspectre_x360_convertible_15-df0xxxlaptop_17g-cr0xxxpavilion_17-ab000_notebook_pc_series_\(touch\)laptop_17-by1xxxelitedesk_800_65w_g3_desktop_mini_pcelitedesk_705_g4_microtower_pcspectre_laptop_13-af0xxspectre_x360_convertible_13-ap0xxxpavilion_laptop_15-cw1xxxelitebook_1040_g2elitebook_755_g4zbook_15u_g4elitedesk_705_g3_microtower_pcprobook_440_g6laptop_14s-cs0xxxlaptop_15-bw5xxnotebook_pc_15-bd1xxlaptop_17-bs0xxprobook_x360_11_g3_education_editionelitebook_828_g3eliteone_1000_g1envy_x360_convertible_13-ar0xxxpavilion_power_laptop_15-cb0xxpavilion_laptop_14-bf6xxproone_600_g4spectre_notebook_13-v1xxenvy_x360_convertible_pc_15-bp1xxnotebook_pc_15-be0xxlaptop_14-bs0xxlaptop_14-bs5xxenvy_notebook_15-as0xxenvy_x360_convertible_15m-bq1xxlaptop_14s-dp0xxxlaptop_14-ma1xxxenvy_x360_convertible_13m-ar0xxxelitebook_840_g3stream_11_pro_g5_notebook_pcprobook_640_g4probook_645_g3elitebook_840_g4omen_15-dg0xxxpavilion_notebook_14-al1xxpavilion_notebook_17-ab2xxprodesk_600_g2_sffomen_17-w0xxprodesk_600_g3_sffnotebook_pc_15-ay1xxenvy_x360_convertible_15m-cp0xxxlaptop_15-di1xxxpavilion_x360_convertible_14-ba2xxpavilion_laptop_15-cu1xxxprodesk_400_g2_dmelitedesk_800_35w_g3_desktop_mini_pclaptop_14g-cx0xxxeliteone_800_g3pavilion_x360_convertible_11-u0xxpavilion_laptop_15-cc5xxelitedesk_880_g3_tower_pczbook_studio_g5elitebook_840_g5laptop_14s-bp1xxlaptop_15-bs0xxenvy_x360_convertible_15-aq2xxlaptop_14q-bu2xxenvy_laptop_13-ad0xxlaptop_15q-ds0xxxlaptop_14q-cs0xxxprobook_x360_440_g1pavilion_notebook_15-bc4xxelitebook_820_g4laptop_14g-cx1xxxnotebook_15-bg0xxlaptop_15-bw6xxelitebook_850_g5pavilion_x360_convertible_11m-ap0xxxlaptop_15q-by0xxlaptop_15g-br1xxpavilion_x360_convertible_15-br1xxlaptop_14-ck0xxxpavilion_laptop_15-cc0xxenvy_x360_convertible_pc_15-bp000elitebook_848_g3elitebook_x360_1040_g5elitebook_755_g3elitebook_folio_g1pavilion_x360_convertible_15-cr0xxxlaptop_14g-br2xxprobook_650_g4pavilion_x360_convertible_14-ba1xxenvy_x360_convertible_13-ag0xxxlaptop_14-bs2xxenvy_x360_convertible_15m-bq0xxspectre_x360_convertible_13-42xxprodesk_680_g4_microtower_pc\(with_pci_slot\)notebook_17-ac0xxlaptop_17g-br1xxenvy_notebook_13-d1xxzhan_86_pro_g1elite_x2_1013_g3elitebook_x360_1020_g2spectre_x360_convertible_13-ae0xxelitebook_x360_1030_g3envy_x360_convertible_15-dr0xxxzhan_66_pro_13_g2laptop_15-bs6xxenvy_laptop_17-bw0xxxzbook_studio_x360_g5zhan_66_pro_14_g2probook_445_g6elitedesk_800_g3_tower_pcelitedesk_705_g3_desktop_minilaptop_14s-dq0xxxprobook_645_g2notebook_17-ac1xxpavilion_notebook_17-ab4xxprodesk_680_g3_microtower_pczbook_15v_g5_mobile_workstation280_g3_microtower_pcpavilion_notebook_14-al0xxlaptop_14q-by0xxenvy_laptop_13-aq0xxxenvy_x360_convertible_15-ds0xxxprobook_430_g5laptop_15q-dy0xxxelitedesk_800_65w_g4_desktop_mini_pcpavilion_x360_convertible_14-dh0xxxpavilion_notebook_14-av0xxprobook_x360_11_g2laptop_15s-du0xxxnotebook_15-ba1xxnotebook_pc_15-ay0xxelitedesk_800_g2_twrprodesk_400_g4_sffpavilion_notebook_15-au0xxlaptop_17q-cs0xxxspectre_x360_convertible_15-bl0xx340_g5_notebook_pcomen_15-ce0xxlaptop_15g-dx1xxxomen_17-ap0xxelitebook_828_g4elitebook_850_g4pavilion_x360_convertible_14m-ba0xxelitebook_x360_1030_g2engage_go_mobile_system258_g7_notebook_pcenvy_x360_convertible_15-cp0xxxenvy_x2_detachable_12-g0xxlaptop_15-bs7xxlaptop_14-dq0xxxenvy_laptop_13-ah1xxxlaptop_17-bs1xxlaptop_14s-be1xxelitebook_820_g3pavilion_x360_convertible_14-ba0xxlaptop_15-ra1xxelite_x2_1012_g2pavilion_laptop_14-ce2xxxspectre_laptop_13-af1xxenvy_laptop_17-ae0xxpavilion_x360_convertible_13-u0xxpavilion_gaming_laptop_17-cd0xxxlaptop_14-cf1xxxzhan_66_pro_g1envy_notebook_17-u2xxelitebook_836_g5pavilion_notebook_15-au1xxprodesk_400_g4_dmproone_400_g2laptop_17q-bu1xxlaptop_17-ca1xxxnotebook_14-am0xxpavilion_x360_convertible_m1-u1xxomen_15-ax2xxenvy_x360_convertible_15-bq1xxpavilion_x360_convertible_14q-cd0xxxlaptop_14s-cr1xxxprobook_455_g4probook_450_g4laptop_17g-cr1xxxlaptop_14g-br0xxenvy_x360_convertible_13m-ag0xxxlaptop_15q-ds1xxxlaptop_14g-cr1xxxeliteone_800_g4omen_17-w1xxprobook_470_g5pavilion_x360_convertible_11-ad0xxomen_15-ce1xxpavilion_laptop_15-cu0xxxlaptop_15-db1xxxlaptop_14-cm0xxxenvy_x360_convertible_15-bq2xxlaptop_17g-br0xxnotebook_pc_15-ay5xxlaptop_15s-fq0xxxpro_x2_612_g1laptop_15-da0xxxlaptop_14q-cs1xxxnotebook_17-y0xxpavilion_laptop_15-cc6xxelitedesk_880_g2_tower_pcpavilion_15-bc500_laptopprobook_655_g3elitedesk_800_g4_tower_pcnotebook_15-bf0xxpavilion_notebook_17-g2xxlaptop_14-bs6xxpavilion_laptop_14-bf1xxenvy_x360_convertible_15-aq0xxproone_600_g3laptop_15s-dy0xxxlaptop_15-da1xxxpavilion_x360_convertible_m3-s000pavilion_laptop_15-cs2xxxpavilion_x360_convertible_11-ap0xxxlaptop_15s-fr0xxxlaptop_14-ma0xxxlaptop_15-bw0xxpavilion_notebook_15-aw1xxenvy_x360_convertible_15m-ds0xxxpavilion_laptop_15-cc1xxprobook_645_g4laptop_15g-dr1xxxpavilion_laptop_15-cd0xxprobook_x360_11_g1zbook_15_g5notebook_pc_15-bd0xx240_g6_notebook_pcprobook_450_g5pavilion_notebook_15-bc2xxenvy_laptop_17-ae1xx240_g7_notebook_pcpavilion_laptop_14-bk1xxomen_15-dh0xxxelitebook_1040_g4elitebook_735_g5notebook_17-ad0xxprodesk_600_g2_microtower_pcelitedesk_705_g3_sff_pcpavilion_x360_convertible_15-bk0xxprobook_470_g3laptop_17q-cs1xxxenvy_x360_convertible_15-ar0xxenvy_x360_convertible_15-cn1xxxengage_flex_pro-c_retail_systempavilion_x360_convertible_13-u1xxspectre_x360_convertible_13-ac0xxspectre_pro_13_g1_notebook_pcpavilion_laptop_15-cw0xxxelitebook_848_g4omen_17-w2xxprobook_640_g2pavilion_laptop_13-an0xxxprobook_440_g5probook_430_g6laptop_17q-bu0xxlaptop_14s-cf0xxx245_g6_notebook_pcstream_11_pro_g4_notebook_pcelite_x2_1012_g1laptop_14-bp0xxlaptop_14s-cf1xxxprobook_440_g4probook_450_g6pavilion_notebook_17-g1xxproone_480_g3zbook_15_g4245_g7_notebook_pcenvy_laptop_13-ad1xxlaptop_14-ck1xxxjumpstartlaptop_15q-bu0xxlaptop_14g-bx0xxspectre_notebook_13-v0xxHP Jumpstart
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-0652
Matching Score-4
Assigner-Sophos Limited
ShareView Details
Matching Score-4
Assigner-Sophos Limited
CVSS Score-3.3||LOW
EPSS-0.05% / 13.37%
||
7 Day CHG~0.00%
Published-21 Mar, 2022 | 23:45
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.

Action-Not Available
Vendor-Sophos Ltd.
Product-unified_threat_managementSophos UTM
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-25814
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.93%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:46
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-3595
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.89%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 18:17
Updated-13 Nov, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wanCisco SD-WAN Solution
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-13149
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.54%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 19:39
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory.

Action-Not Available
Vendor-msin/a
Product-dragon_centern/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-41231
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-24 Oct, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in some ACAT software maintained by Intel(R) before version 2.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-assistive_context-aware_toolkitACAT software maintained by Intel(R)assistive_context-aware_toolkit
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-13554
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.20%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 16:14
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccess\/scadaAdvantech
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-28392
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.86%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine.

Action-Not Available
Vendor-Siemens AG
Product-simaris_configurationSIMARIS configuration
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-13532
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.05% / 15.71%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:50
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-dreamreportn/a
Product-dream_reportDream Report
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-24113
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-16 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to excessive permissions assigned to child processes

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-cyber_protectcyber_protect_home_officewindowstrue_imageagentAcronis Cyber Protect 15Acronis AgentAcronis Cyber Protect Home OfficeAcronis True Image 2021
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-23743
Matching Score-4
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-4
Assigner-Check Point Software Ltd.
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.07%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 00:00
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119

Action-Not Available
Vendor-n/aCheck Point Software Technologies Ltd.
Product-zonealarmZoneAlarm.
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 13
  • 14
  • Next
Details not found