Lucene search

K
nvd[email protected]NVD:CVE-2007-5665
HistoryJan 09, 2008 - 12:46 a.m.

CVE-2007-5665

2008-01-0900:46:00
CWE-264
web.nvd.nist.gov
1

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

19.8%

STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory.

Affected configurations

Nvd
Node
novellzenworks_endpoint_security_managementRangeโ‰ค3.5

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

19.8%