Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-36497
PUBLISHED
More InfoOfficial Page
Assigner-SEC-VLab
Assigner Org ID-551230f0-3615-47bd-b7cc-93e92e730bbf
View Known Exploited Vulnerability (KEV) details
Published At-24 Jun, 2024 | 09:06
Updated At-13 Feb, 2025 | 17:52
Rejected At-
▼CVE Numbering Authority (CNA)
Unhashed Storage of Password

The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.

Affected Products
Vendor
Faronics
Product
WINSelect (Standard + Enterprise)
Default Status
affected
Versions
Unaffected
  • 8.30.xx.903 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-312CWE-312 Cleartext Storage of Sensitive Information
Type: CWE
CWE ID: CWE-312
Description: CWE-312 Cleartext Storage of Sensitive Information
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-578CAPEC-578 Disable Security Software
CAPEC ID: CAPEC-578
Description: CAPEC-578 Disable Security Software
Solutions

The vendor provides a patched version 8.30.xx.903 since May 2024 which can be downloaded from the following URL: https://www.faronics.com/document-library/document/download-winselect-standard   The vendor provided the following changelog: https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes

Configurations
Workarounds
Exploits
Credits
finder
Daniel Hirschberger | SEC Consult Vulnerability Lab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/winselect
third-party-advisory
https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
release-notes
http://seclists.org/fulldisclosure/2024/Jun/12
N/A
Hyperlink: https://r.sec-consult.com/winselect
Resource:
third-party-advisory
Hyperlink: https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
Resource:
release-notes
Hyperlink: http://seclists.org/fulldisclosure/2024/Jun/12
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
faronics
Product
winselect
CPEs
  • cpe:2.3:a:faronics:winselect:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 8.30.xx.903 (custom)
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/winselect
third-party-advisory
x_transferred
https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
release-notes
x_transferred
http://seclists.org/fulldisclosure/2024/Jun/12
x_transferred
Hyperlink: https://r.sec-consult.com/winselect
Resource:
third-party-advisory
x_transferred
Hyperlink: https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
Resource:
release-notes
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Jun/12
Resource:
x_transferred
Details not found