Japan Vulnerability NotesJVN:90813656JVN#90813656: Wireshark for Windows issue where an arbitrary file may be deleted
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
91.8%
Wireshark for Windows uses a software updating library called WinSparkle. Wireshark for Windows contains an issue where an arbitrary directory of file may be deleted due to an issue contained in WinSparkle (JVN#96681653).
Impact
An arbitrary directory or file may be deleted with the privileges of the application.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
Products Affected
- Wireshark for Windows versions prior to 2.2.3
- Wireshark for Windows versions prior to 2.0.9
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
91.8%