Lucene search

[email protected]CVE-2022-38176

HistorySep 06, 2022 - 9:15 p.m.

CVE-2022-38176

2022-09-0621:15:08

[email protected]

web.nvd.nist.gov

cve-2022-38176

ysoft safeq

privilege escalation

local user

installer package

client v3 services

alternative data stream

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859.

Affected configurations

NVD

Node

ysoftsafeqRange6.0.0–6.0.72

CPENameOperatorVersion
ysoft:safeqysoft safeqlt6.0.72

CPE	Name	Operator	Version
ysoft:safeq	ysoft safeq	lt	6.0.72

References

www.ysoft.com/en/legal/ysoft-safeq-client-v3-local-privilege-escalation

ysoft.com

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-38176

nvd2 prion2 cvelist2 cnvd1 cve1