CVE-2019-9742

Опубликовано: 13 мар. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attacker to bypass ACLs because Interpreted Device Characteristics lacks FILE_DEVICE_SECURE_OPEN and therefore files and directories "inside" the \.\gdwfpcd device are not properly protected, leading to unintended impersonation or object creation.

Ссылки

https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-03-13-gdata-total-security-acl-bypass.md
Exploit
Third Party Advisory
https://nafiez.github.io/security/bypass/2019/03/12/gdata-total-security-acl-bypass.html
Exploit
Third Party Advisory
https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-03-13-gdata-total-security-acl-bypass.md
Exploit
Third Party Advisory
https://nafiez.github.io/security/bypass/2019/03/12/gdata-total-security-acl-bypass.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gdata-software:total_security:*:*:*:*:*:*:*:*

Версия до 2019-02-22 (исключая)

EPSS

Процентиль: 42%

0.00198

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-r57c-7j7f-h2pm