exploitDog

CVE-2009-5152

Опубликовано: 11 мая 2018

Источник: nvd

CVSS3: 4.1

CVSS2: 1.9

EPSS Низкий

Описание

Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted TaskResult.xml file.

Ссылки

https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf
Exploit
Technical Description
Third Party Advisory
https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:absolute:computrace_agent:-:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00052

Низкий

4.1 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-362

Связанные уязвимости

GHSA-5hf6-7gxx-55wg

CVSS3: 4.1

github

почти 4 года назад

Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation status to the factory default via a crafted TaskResult.xml file.

EPSS

Процентиль: 16%

0.00052

Низкий

4.1 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-362