CVE-2024-36495 | THREATINT

Description

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd

PUBLISHED Reserved 2024-05-29 | Published 2024-06-24 | Updated 2025-02-13 | Assigner SEC-VLab

Problem types

CWE-276 Incorrect Default Permissions

Product status

Default status

affected

8.30.xx.903 (custom)

unaffected

Credits

Daniel Hirschberger | SEC Consult Vulnerability Lab finder

References

r.sec-consult.com/winselect third-party-advisory

www.faronics.com/...ocument/winselect-standard-release-notes release-notes

seclists.org/fulldisclosure/2024/Jun/12

r.sec-consult.com/winselect third-party-advisory

www.faronics.com/...ocument/winselect-standard-release-notes release-notes

seclists.org/fulldisclosure/2024/Jun/12

cve.org (CVE-2024-36495)

nvd.nist.gov (CVE-2024-36495)

Download JSON

help @ threatint.eu