CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 45.2%

Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0 are installed with Read/Write permissions for authenticated users, which allows non-administrator users to manipulate binaries. Additionally, entries are added to the PATH environment variable which, combined with these weak permissions, could enable an attacker to perform a DLL hijacking attack.

Vendor | Product | Version | CPE |
---|---|---|---|
utimaco | block-safe_firmware | 2.0.0 | cpe:2.3:o:utimaco:block-safe_firmware:2.0.0:*:*:*:*:*:*:* |
utimaco | block-safe_firmware | 3.0.0 | cpe:2.3:o:utimaco:block-safe_firmware:3.0.0:*:*:*:*:*:*:* |
utimaco | cryptoserver_cp5_firmware | 5.0.0.0 | cpe:2.3:o:utimaco:cryptoserver_cp5_firmware:5.0.0.0:*:*:*:*:*:*:* |
utimaco | cryptoserver_cp5_firmware | 5.1.0.0 | cpe:2.3:o:utimaco:cryptoserver_cp5_firmware:5.1.0.0:*:*:*:*:*:*:* |
utimaco | cryptoserver_cp5_vs-nfd_firmware | 5.1.0.0 | cpe:2.3:o:utimaco:cryptoserver_cp5_vs-nfd_firmware:5.1.0.0:*:*:*:*:*:*:* |
utimaco | paymentserver_firmware | * | cpe:2.3:o:utimaco:paymentserver_firmware:*:*:*:*:*:*:*:* |
utimaco | paymentserver_hybrid_firmware | * | cpe:2.3:o:utimaco:paymentserver_hybrid_firmware:*:*:*:*:*:*:*:* |
utimaco | securityserver_firmware | * | cpe:2.3:o:utimaco:securityserver_firmware:*:*:*:*:*:*:*:* |
microsoft | windows | - | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
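
A defensive check for the condition described above, as an added example that is not part of the original advisory or any vendor code: it lists directories on the machine PATH whose ACL grants write-type rights to broad, non-administrative groups. The SID list, the rights mask and the function name `Get-WritablePathEntry` are assumptions chosen for illustration.

```powershell
# Added example (not vendor code): list directories on the machine PATH whose ACL
# lets broad, non-administrative groups create or replace files.
# Assumption: these three well-known SIDs stand in for "non-administrator users".
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow planting or swapping a file: create file, create subdirectory,
# rewrite the DACL, take ownership, plus the raw GENERIC_WRITE / GENERIC_ALL bits.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor
                   $fsr::ChangePermissions -bor $fsr::TakeOwnership) -bor
             0x40000000 -bor 0x10000000

function Get-WritablePathEntry {
    param([string]$PathValue = [Environment]::GetEnvironmentVariable('Path', 'Machine'))

    # Split PATH, strip quotes, expand %VAR% references, drop empties and duplicates.
    $dirs = $PathValue -split ';' |
        ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
        Where-Object { $_ } | Select-Object -Unique

    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # A PATH entry that does not exist is reported for review as well.
            [pscustomobject]@{ Directory = $dir; Principal = $null; Rights = 'directory missing' }
            continue
        }
        $acl = Get-Acl -LiteralPath $dir
        # Explicit and inherited ACEs, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
            $sid = $ace.IdentityReference.Value
            # Only Allow ACEs are inspected; Deny ACEs and effective access are not evaluated.
            if ($ace.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and
                ([int]$ace.FileSystemRights -band $writeMask)) {
                [pscustomobject]@{
                    Directory = $dir
                    Principal = $broadSids[$sid]
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

Get-WritablePathEntry | Format-Table -AutoSize
```

Any row returned for a product installation directory is a candidate for tightening the ACL to administrators and SYSTEM, or for removing the entry from PATH.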