CVE-2015-7966

Опубликовано: 02 мар. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965.

Ссылки

https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/
Third Party Advisory
https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf
Patch
Third Party Advisory
https://safenet.gemalto.com/technical-support/security-updates/
Vendor Advisory
https://labs.nettitude.com/blog/cve-2015-7596-through-cve-2015-7598-cve-2015-7961-through-cve-2015-7967-safenet-authentication-service-agent-vulnerabilities/
Third Party Advisory
https://labs.nettitude.com/wp-content/uploads/2016/03/160125-1-Gemalto-IDSS-Security-Bulletin-SAS-Agents-Privilege-Escalation.pdf
Patch
Third Party Advisory
https://safenet.gemalto.com/technical-support/security-updates/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gemalto:safenet_authentication_service_windows_logon_agent:-:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.0006

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-3rx5-gfw3-66w3