Описание
The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack.
Ссылки
- PatchVendor Advisory
- PatchUS Government Resource
- Exploit
- PatchVendor Advisory
- PatchUS Government Resource
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*
cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*
cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*
cpe:2.3:a:consona:consona_live_assistance:*:*:*:*:*:*:*:*
cpe:2.3:a:consona:consona_subscriber_assistance:*:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.02064
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack.
EPSS
Процентиль: 83%
0.02064
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-310