Lucene search

K
cveMitreCVE-2017-7180
HistoryJun 08, 2017 - 12:29 p.m.

CVE-2017-7180

2017-06-0812:29:00
CWE-428
mitre
web.nvd.nist.gov
44
cve-2017-7180
net monitor for employees pro
security feature bypass
unquoted service path
nvd
vulnerability

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0.001

Percentile

26.8%

Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented “Block applications” design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.

Affected configurations

Nvd
Node
eduiqnet_monitor_for_employeesRange5.3.4professional
VendorProductVersionCPE
eduiqnet_monitor_for_employees*cpe:2.3:a:eduiq:net_monitor_for_employees:*:*:*:*:professional:*:*:*

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0.001

Percentile

26.8%