Search criteria
12 vulnerabilities
CVE-2025-41459 (GCVE-0-2025-41459)
Vulnerability from cvelistv5 – Published: 2025-07-21 11:01 – Updated: 2025-08-27 06:34
VLAI?
Summary
Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection.
Severity ?
7.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Two App Studio | Journey |
Affected:
0 , ≤ 5.5.9
(semver)
|
Credits
Hannes Allmann (cirosec GmbH) <hannes.allmann@cirosec.de>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T12:24:57.637907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T12:25:07.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"iOS"
],
"product": "Journey",
"vendor": "Two App Studio",
"versions": [
{
"lessThanOrEqual": "5.5.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The runtime manipulation bypass of the local biometric bypass requires a jailbroken phone."
}
],
"value": "The runtime manipulation bypass of the local biometric bypass requires a jailbroken phone."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hannes Allmann (cirosec GmbH) \u003channes.allmann@cirosec.de\u003e"
}
],
"datePublic": "2020-07-10T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection."
}
],
"value": "Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T06:34:27.134Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cirosec.de/sa/sa-2025-006"
}
],
"source": {
"advisory": "SA-2025-006",
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-03-12T15:07:00.000Z",
"value": "Vendor was contacted and informed about the vulnerability via email."
},
{
"lang": "en",
"time": "2025-03-25T08:05:00.000Z",
"value": "Second attempt was made to contact vendor via email."
},
{
"lang": "en",
"time": "2025-06-25T10:46:00.000Z",
"value": "Third attempt was made to contact vendor via email."
}
],
"title": "Insecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2025-41459",
"datePublished": "2025-07-21T11:01:29.417Z",
"dateReserved": "2025-04-16T10:48:40.810Z",
"dateUpdated": "2025-08-27T06:34:27.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41458 (GCVE-0-2025-41458)
Vulnerability from cvelistv5 – Published: 2025-07-21 11:01 – Updated: 2025-07-21 12:28
VLAI?
Summary
Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem.
Severity ?
5.5 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Two App Studio | Journey |
Affected:
0 , ≤ 5.5.9
(semver)
|
Credits
Hannes Allmann (cirosec GmbH) <hannes.allmann@cirosec.de>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T12:28:16.325042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T12:28:22.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"iOS"
],
"product": "Journey",
"vendor": "Two App Studio",
"versions": [
{
"lessThanOrEqual": "5.5.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability assumes a jailbroken device.\n\n\u003cbr\u003e"
}
],
"value": "This vulnerability assumes a jailbroken device."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hannes Allmann (cirosec GmbH) \u003channes.allmann@cirosec.de\u003e"
}
],
"datePublic": "2020-07-10T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app\u2019s filesystem.\u0026nbsp;"
}
],
"value": "Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app\u2019s filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T11:01:13.982Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cirosec.de/sa/sa-2025-005"
}
],
"source": {
"advisory": "SA-2025-005",
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-03-12T15:07:00.000Z",
"value": "Vendor was contacted and informed about the vulnerability via email."
},
{
"lang": "en",
"time": "2025-03-25T08:05:00.000Z",
"value": "Second attempt was made to contact vendor via email."
},
{
"lang": "en",
"time": "2025-06-25T10:46:00.000Z",
"value": "Third attempt was made to contact vendor via email."
}
],
"title": "Insecure data storage vulnerability in Two App Studio Journey v5.5.9 for iOS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2025-41458",
"datePublished": "2025-07-21T11:01:13.982Z",
"dateReserved": "2025-04-16T10:48:40.810Z",
"dateUpdated": "2025-07-21T12:28:22.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2306 (GCVE-0-2025-2306)
Vulnerability from cvelistv5 – Published: 2025-05-16 12:10 – Updated: 2025-05-16 13:02
VLAI?
Summary
An Improper Access Control vulnerability was
identified in the file download functionality. This vulnerability allows users
to download sensitive documents without authentication, if the URL is known.
The attack
requires the attacker to know the documents UUIDv4.
Severity ?
5.9 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SYNCPILOT | LIVE CONTRACT |
Affected:
3 , < 5.4.12
(semver)
Affected: 5.5 , < 5.5.4 (semver) Affected: 5.6 , < 5.6.3 (semver) |
Credits
Felix Schmid <felix.schmid@cirosec.de>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T13:02:34.088925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T13:02:39.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LIVE CONTRACT",
"vendor": "SYNCPILOT",
"versions": [
{
"lessThan": "5.4.12",
"status": "affected",
"version": "3",
"versionType": "semver"
},
{
"lessThan": "5.5.4",
"status": "affected",
"version": "5.5",
"versionType": "semver"
},
{
"lessThan": "5.6.3",
"status": "affected",
"version": "5.6",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felix Schmid \u003cfelix.schmid@cirosec.de\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn Improper Access Control vulnerability was\nidentified in the file download functionality. This vulnerability allows users\nto download sensitive documents without authentication, if the URL is known.\u003c/p\u003e\n\n\u003cp\u003eThe attack\nrequires the attacker to know the documents UUIDv4.\u003c/p\u003e"
}
],
"value": "An Improper Access Control vulnerability was\nidentified in the file download functionality. This vulnerability allows users\nto download sensitive documents without authentication, if the URL is known.\n\n\n\nThe attack\nrequires the attacker to know the documents UUIDv4."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T12:10:13.895Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"url": "https://www.cirosec.de/sa/sa-2025-004"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to versions\u0026nbsp;5.4.12, 5.5.4, 5.6.3 or higher."
}
],
"value": "Update to versions\u00a05.4.12, 5.5.4, 5.6.3 or higher."
}
],
"source": {
"advisory": "SA-2025-004",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-03-04T23:00:00.000Z",
"value": "Vendor was contacted and informed about the vulnerability via email."
},
{
"lang": "en",
"time": "2025-03-04T23:00:00.000Z",
"value": "Initial response received from vendor. Vendor acknowledged the vulnerability."
},
{
"lang": "en",
"time": "2025-03-12T23:00:00.000Z",
"value": "Vendor informed us that the issue was resolved."
}
],
"title": "Improper Access Control vulnerability in LIVE CONTRACT",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2025-2306",
"datePublished": "2025-05-16T12:10:13.895Z",
"dateReserved": "2025-03-14T12:24:19.522Z",
"dateUpdated": "2025-05-16T13:02:39.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2305 (GCVE-0-2025-2305)
Vulnerability from cvelistv5 – Published: 2025-05-16 12:09 – Updated: 2025-05-16 13:04
VLAI?
Summary
A Path traversal vulnerability in the file
download functionality was identified. This vulnerability allows
unauthenticated users to download arbitrary files, in the context of the
application server, from the Linux server.
Severity ?
8.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SYNCPILOT | LIVE CONTRACT |
Affected:
3 , < 5.4.12
(semver)
Affected: 5.5 , < 5.5.4 (semver) Affected: 5.6 , < 5.6.3 (semver) |
Credits
Felix Schmid <felix.schmid@cirosec.de>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T13:04:19.139164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T13:04:26.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LIVE CONTRACT",
"vendor": "SYNCPILOT",
"versions": [
{
"lessThan": "5.4.12",
"status": "affected",
"version": "3",
"versionType": "semver"
},
{
"lessThan": "5.5.4",
"status": "affected",
"version": "5.5",
"versionType": "semver"
},
{
"lessThan": "5.6.3",
"status": "affected",
"version": "5.6",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felix Schmid \u003cfelix.schmid@cirosec.de\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Path traversal vulnerability in the file\ndownload functionality was identified. This vulnerability allows\nunauthenticated users to download arbitrary files, in the context of the\napplication server, from the Linux server.\u003c/p\u003e"
}
],
"value": "A Path traversal vulnerability in the file\ndownload functionality was identified. This vulnerability allows\nunauthenticated users to download arbitrary files, in the context of the\napplication server, from the Linux server."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T12:09:41.347Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"url": "https://www.cirosec.de/sa/sa-2025-003"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to versions\u0026nbsp;5.4.12, 5.5.4, 5.6.3 or higher."
}
],
"value": "Update to versions\u00a05.4.12, 5.5.4, 5.6.3 or higher."
}
],
"source": {
"advisory": "SA-2025-004",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-03-04T23:00:00.000Z",
"value": "Vendor was contacted and informed about the vulnerability via email."
},
{
"lang": "en",
"time": "2025-03-04T23:00:00.000Z",
"value": "Initial response received from vendor. Vendor acknowledged the vulnerability."
},
{
"lang": "en",
"time": "2025-03-12T23:00:00.000Z",
"value": "Vendor informed us that the issue was resolved."
}
],
"title": "Local file inclusion vulnerability in LIVE CONTRACT",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2025-2305",
"datePublished": "2025-05-16T12:09:41.347Z",
"dateReserved": "2025-03-14T12:24:17.830Z",
"dateUpdated": "2025-05-16T13:04:26.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1865 (GCVE-0-2025-1865)
Vulnerability from cvelistv5 – Published: 2025-04-04 09:52 – Updated: 2025-07-07 20:49
VLAI?
Summary
The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. This allows creating files at arbitrary locations with full user control, ultimately allowing for privilege escalation to SYSTEM.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elaborate Bytes AG | Virtual CloneDrive |
Affected:
0 , ≤ 5.5.2.0
(semver)
|
Credits
Neodyme AG
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:24:38.266364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:24:50.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"ElbyCDIO.sys"
],
"platforms": [
"Windows"
],
"product": "Virtual CloneDrive",
"vendor": "Elaborate Bytes AG",
"versions": [
{
"lessThanOrEqual": "5.5.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Neodyme AG"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. This allows creating files at arbitrary locations with full user control, ultimately allowing for privilege escalation to SYSTEM.\u003cbr\u003e"
}
],
"value": "The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. This allows creating files at arbitrary locations with full user control, ultimately allowing for privilege escalation to SYSTEM."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T20:49:02.467Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://www.elby.ch/de/products/vcd.html"
},
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://neodyme.io/de/advisories/cve-2025-1865/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in Virtual CloneDrive Kernel Driver",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2025-1865",
"datePublished": "2025-04-04T09:52:56.627Z",
"dateReserved": "2025-03-03T08:25:33.555Z",
"dateUpdated": "2025-07-07T20:49:02.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0714 (GCVE-0-2025-0714)
Vulnerability from cvelistv5 – Published: 2025-02-17 11:56 – Updated: 2025-02-19 08:29
VLAI?
Summary
The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted for their password. A derivative of the password is used as the master key. As both the master key and the IV are the same for each stored password, the AES CFB ciphertext depends only on the plaintext (the password). The static IV and master key make it easier to obtain sensitive information and to decrypt data when it is stored at rest.
Severity ?
6.5 (Medium)
CWE
- CWE-1204 - Generation of Weak Initialization Vector (IV)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
cirosec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:08:52.631150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:30:07.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Password encryption"
],
"platforms": [
"Windows"
],
"product": "MobaXterm",
"vendor": "Mobatek",
"versions": [
{
"lessThan": "25.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Passwords were stored with MobaXterm.\u003cbr\u003e"
}
],
"value": "Passwords were stored with MobaXterm."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "cirosec"
}
],
"datePublic": "2025-02-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted for their password. A derivative of the password is used as the master key. As both the master key and the IV are the same for each stored password, the AES CFB ciphertext depends only on the plaintext (the password). The static IV and master key make it easier to obtain sensitive information and to decrypt data when it is stored at rest."
}
],
"value": "The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted for their password. A derivative of the password is used as the master key. As both the master key and the IV are the same for each stored password, the AES CFB ciphertext depends only on the plaintext (the password). The static IV and master key make it easier to obtain sensitive information and to decrypt data when it is stored at rest."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1204",
"description": "CWE-1204: Generation of Weak Initialization Vector (IV)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T08:29:49.252Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cirosec.de/sa/sa-2024-012"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update MobaXterm to v25.0 and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ereencrypt passwords that were encrypted with a vulnerable version of MobaXterm.\u003c/span\u003e"
}
],
"value": "Update MobaXterm to v25.0 and\u00a0reencrypt passwords that were encrypted with a vulnerable version of MobaXterm."
}
],
"source": {
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-12-16T09:56:00.000Z",
"value": "Mobatek was contacted and informed about the vulnerability via email."
},
{
"lang": "en",
"time": "2024-12-16T12:53:00.000Z",
"value": "Initial response from Mobatek."
},
{
"lang": "en",
"time": "2024-12-16T14:55:00.000Z",
"value": "Further clarification about the vulnerability."
},
{
"lang": "en",
"time": "2024-12-17T11:04:00.000Z",
"value": "Mobatek acknowledged the vulnerability."
},
{
"lang": "en",
"time": "2025-01-17T23:00:00.000Z",
"value": "A fix was published."
},
{
"lang": "en",
"time": "2025-01-23T23:00:00.000Z",
"value": "The fix was verified by cirosec."
}
],
"title": "Insecure storage of sensitive information in MobaXTerm \u003c25.0.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2025-0714",
"datePublished": "2025-02-17T11:56:45.283Z",
"dateReserved": "2025-01-24T12:55:11.026Z",
"dateUpdated": "2025-02-19T08:29:49.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0543 (GCVE-0-2025-0543)
Vulnerability from cvelistv5 – Published: 2025-01-25 16:17 – Updated: 2025-02-05 18:23
VLAI?
Summary
Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| G DATA CyberDefense AG | G DATA Security Client |
Affected:
0 , < 15.8.333
(semver)
|
Credits
Fabian Duschek
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T13:55:14.972209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:23:40.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "G DATA Security Client",
"vendor": "G DATA CyberDefense AG",
"versions": [
{
"lessThan": "15.8.333",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fabian Duschek"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM."
}
],
"value": "Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-25T16:17:46.634Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"url": "https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0543"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "G DATA Security Client Local privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2025-0543",
"datePublished": "2025-01-25T16:17:46.634Z",
"dateReserved": "2025-01-17T10:12:08.693Z",
"dateUpdated": "2025-02-05T18:23:40.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0542 (GCVE-0-2025-0542)
Vulnerability from cvelistv5 – Published: 2025-01-25 16:15 – Updated: 2025-02-12 20:01
VLAI?
Summary
Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| G DATA CyberDefense AG | G DATA Management Server |
Affected:
0 , < 15.8.333
(semver)
|
Credits
Fabian Duschek
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T14:20:27.912093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:01:14.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "G DATA Management Server",
"vendor": "G DATA CyberDefense AG",
"versions": [
{
"lessThan": "15.8.333",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fabian Duschek"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write."
}
],
"value": "Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
},
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-25T16:15:09.526Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"url": "https://github.com/nullby73/security-advisories/tree/main/CVE-2025-0542"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "G DATA Management Server Local privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2025-0542",
"datePublished": "2025-01-25T16:15:09.526Z",
"dateReserved": "2025-01-17T07:53:19.796Z",
"dateUpdated": "2025-02-12T20:01:14.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7273 (GCVE-0-2023-7273)
Vulnerability from cvelistv5 – Published: 2024-10-01 12:34 – Updated: 2024-10-01 13:16
VLAI?
Summary
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests.
If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim.
Severity ?
6.8 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Pascal Geuter <pascal.geuter@cirosec.de>
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kiteworks:owncloud:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "owncloud",
"vendor": "kiteworks",
"versions": [
{
"lessThan": "10.12.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7273",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T13:15:11.127537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T13:16:05.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OwnCloud",
"repo": "https://github.com/owncloud/core",
"vendor": "Kiteworks",
"versions": [
{
"lessThanOrEqual": "10.12.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pascal Geuter \u003cpascal.geuter@cirosec.de\u003e"
}
],
"datePublic": "2024-10-01T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests.\u003cbr\u003eIf a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests.\nIf a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T12:34:10.481Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://hackerone.com/reports/2041007"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cirosec.de/sa/sa-2023-012"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to at least version 10.13"
}
],
"value": "Update to at least version 10.13"
}
],
"source": {
"advisory": "SA-2023-012",
"discovery": "EXTERNAL"
},
"title": "Cross Site Request Forgery in Kiteworks OwnCloud",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2023-7273",
"datePublished": "2024-10-01T12:34:10.481Z",
"dateReserved": "2024-08-05T10:46:30.916Z",
"dateUpdated": "2024-10-01T13:16:05.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6510 (GCVE-0-2024-6510)
Vulnerability from cvelistv5 – Published: 2024-09-12 14:18 – Updated: 2024-09-12 15:12
VLAI?
Summary
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
Severity ?
7.8 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AVG | Internet Security |
Affected:
0 , ≤ 24.0
(semver)
Unaffected: 24.1 |
Credits
Kolja Grassmann <kolja.grassmann@cirosec.de>
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:avg:internet_security:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "internet_security",
"vendor": "avg",
"versions": [
{
"lessThan": "24.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T15:10:17.552802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T15:12:46.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Internet Security",
"vendor": "AVG",
"versions": [
{
"lessThanOrEqual": "24.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "24.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kolja Grassmann \u003ckolja.grassmann@cirosec.de\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking. \u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e"
}
],
"value": "Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:18:32.152Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cirosec.de/sa/sa-2023-008"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update \nAVG Internet Security to 24.1"
}
],
"value": "Update \nAVG Internet Security to 24.1"
}
],
"source": {
"advisory": "SA-2023-008",
"discovery": "USER"
},
"title": "Local privilege escalation vulnerability in AVG Internet Security",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2024-6510",
"datePublished": "2024-09-12T14:18:32.152Z",
"dateReserved": "2024-07-04T11:20:14.543Z",
"dateUpdated": "2024-09-12T15:12:46.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7834 (GCVE-0-2024-7834)
Vulnerability from cvelistv5 – Published: 2024-09-04 12:35 – Updated: 2024-09-04 13:15
VLAI?
Summary
A local privilege escalation is caused by Overwolf
loading and executing certain dynamic link library files from a user-writeable
folder in SYSTEM context on launch. This allows an attacker with unprivileged
access to the system to run arbitrary code with SYSTEM privileges by placing a
malicious .dll file in the respective location.
Severity ?
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Lukas Bühl <lukas.buehl@cirosec.de>
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:overwolf:overwolf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "overwolf",
"vendor": "overwolf",
"versions": [
{
"lessThan": "250.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:07:34.850195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T13:15:24.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Overwolf",
"vendor": "Overwolf",
"versions": [
{
"lessThan": "250.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lukas B\u00fchl \u003clukas.buehl@cirosec.de\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA local privilege escalation is caused by Overwolf\nloading and executing certain dynamic link library files from a user-writeable\nfolder in SYSTEM context on launch. This allows an attacker with unprivileged\naccess to the system to run arbitrary code with SYSTEM privileges by placing a\nmalicious .dll file in the respective location.\u003c/p\u003e"
}
],
"value": "A local privilege escalation is caused by Overwolf\nloading and executing certain dynamic link library files from a user-writeable\nfolder in SYSTEM context on launch. This allows an attacker with unprivileged\naccess to the system to run arbitrary code with SYSTEM privileges by placing a\nmalicious .dll file in the respective location."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T12:35:27.628Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cirosec.de/sa/sa-2024-004"
}
],
"source": {
"advisory": "SA-2024-004",
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation in Overwolf",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2024-7834",
"datePublished": "2024-09-04T12:35:27.628Z",
"dateReserved": "2024-08-15T07:21:21.987Z",
"dateUpdated": "2024-09-04T13:15:24.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6689 (GCVE-0-2024-6689)
Vulnerability from cvelistv5 – Published: 2024-07-15 13:18 – Updated: 2024-08-01 21:41
VLAI?
Summary
Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM.
Severity ?
7.8 (High)
CWE
- CWE-749 - Exposed Dangerous Method or Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| baramundi | Management Agent |
Affected:
0 , ≤ 23.1.172.0
(semver)
|
Credits
Kolja Grassmann <kolja.grassmann@cirosec.de>
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:baramundi:management_agent:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "management_agent",
"vendor": "baramundi",
"versions": [
{
"lessThanOrEqual": "23.1.172.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T14:22:33.301589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T15:18:24.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:04.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.baramundi.com/en-us/security-info/s-2024-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Management Agent",
"vendor": "baramundi",
"versions": [
{
"lessThanOrEqual": "23.1.172.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kolja Grassmann \u003ckolja.grassmann@cirosec.de\u003e"
}
],
"datePublic": "2024-07-15T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM."
}
],
"value": "Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:18:09.079Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.baramundi.com/en-us/security-info/s-2024-01/"
}
],
"source": {
"advisory": "SA-2023-010",
"discovery": "USER"
},
"title": "Local privilege escalation vulnerability in baramundi Management Agent via MSI Installer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2024-6689",
"datePublished": "2024-07-15T13:18:09.079Z",
"dateReserved": "2024-07-11T14:43:50.670Z",
"dateUpdated": "2024-08-01T21:41:04.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}