Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2013-3496

Published: May 22, 2013 | Modified: May 22, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2013-3496
CWEhttps://cwe.mitre.org/data/definitions/264.html

Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.

Affected Software

Name Vendor Start Version End Version
Vipnet_client Infotecs * 3.2.10 (including)
Vipnet_coordinator Infotecs * 3.2.10 (including)
Vipnet_personal_firewall Infotecs * 3.1 (including)
Vipnet_safedisk Infotecs * 4.1 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use