Описание
In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.
Ссылки
- ExploitPatchThird Party AdvisoryVDB Entry
- ExploitMailing ListPatchThird Party Advisory
- MitigationThird Party Advisory
- PatchProductRelease NotesVendor Advisory
- ExploitPatchThird Party AdvisoryVDB Entry
- ExploitMailing ListPatchThird Party Advisory
- MitigationThird Party Advisory
- PatchProductRelease NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.72 (исключая)
cpe:2.3:a:miele:benchmark_programming_tool:*:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00123
Низкий
7.3 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-732
CWE-732
Связанные уязвимости
CVSS3: 7.3
github
почти 4 года назад
In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files.
EPSS
Процентиль: 32%
0.00123
Низкий
7.3 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-732
CWE-732