Описание
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.
Ссылки
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 24.1 (включая) до 24.1.4 (включая)Версия от 24.2 (включая) до 24.2.8 (исключая)Версия от 25.1 (включая) до 25.1.6 (исключая)
Одно из
cpe:2.3:a:drivelock:drivelock:*:*:*:*:*:*:*:*
cpe:2.3:a:drivelock:drivelock:*:*:*:*:*:*:*:*
cpe:2.3:a:drivelock:drivelock:*:*:*:*:*:*:*:*
EPSS
Процентиль: 3%
0.00015
Низкий
6.1 Medium
CVSS3
8.4 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-732
Связанные уязвимости
CVSS3: 6.1
github
около 2 месяцев назад
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.
EPSS
Процентиль: 3%
0.00015
Низкий
6.1 Medium
CVSS3
8.4 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-732