#Webdrive 9.02 software#
ASW Software AT&T Laboratories Cambridge Atari Inc. KG Aspect Software Aspect Software Aspen Technology Inc. ANZANI TRADING GROUP Aone Software Apple Computer Inc. American Power Conversion (APC) Analog Devices Inc. Allies Computing Allok Soft Inc Allround Automations Allscripts-Misys Healthcare Solutions Inc. Alentum Software AlfaSoft Research Labs ALGOR Inc. AICPCU Aide CAD Systems Incorporated Alden Group Ltd. Adobe Systems Incorporated Advanced Geosciences Inc. +1410 days 🔍 Sources info Advisory: securityfocus.Publisher Name ACD Systems Ltd. OpenVAS Name: South River Technologies WebDrive Local Privilege Escalation VulnerabilityĪctive APT Groups: 🔍 Countermeasures info Recommended: no mitigation known The vulnerability is also documented in the vulnerability database at X-Force ( 53885). It may be suggested to replace the affected object with an alternative product. There is no information about possible countermeasures known. This vulnerability is assigned to T1068 by the MITRE ATT&CK project. Technical details are known, but there is no available exploit. The exploitation doesn't require any form of authentication. Local access is required to approach this attack. This vulnerability is traded as CVE-2009-4606 since. South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
This is going to have an impact on confidentiality, integrity, and availability.
The manipulation of the argument binPath with an unknown input leads to a privilege escalation vulnerability. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability was found in South River Technologies WebDrive 9.02.
The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.
0 kommentar(er)
