Описание
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
Ссылки
- Third Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
- Third Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одновременно
Одно из
EPSS
7.3 High
CVSS3
6.2 Medium
CVSS2
Дефекты
Связанные уязвимости
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
Уязвимость механизма загрузки DLL-файлов системы удаленного доступа к рабочему столу NoMachine, позволяющая нарушителю выполнить произвольный код
EPSS
7.3 High
CVSS3
6.2 Medium
CVSS2