Description
Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13.
References
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2.1.13 (exclusive)
cpe:2.3:a:tinywall:tinywall:*:*:*:*:*:*:*:*
EPSS
Percentile: 74%
0.00837
Low
7.8 High
CVSS3
7.2 High
CVSS2
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 7.8
github
more than 3 years ago
An attacker who has already compromised the local system could use TinyWall Controller to gain additional privileges by attaching a debugger to the running process and modifying the code in memory. Vulnerability fixed in version 2.1.13.