Lucene search

THA-PSIRTVULNRICHMENT:CVE-2024-0197

HistoryFeb 27, 2024 - 12:48 p.m.

CVE-2024-0197 Privilege Escalation in Thales SafeNet Sentinel HASP LDK

2024-02-2712:48:13

CWE-269

THA-PSIRT

github.com

thales safenet sentinel

privilege escalation

windows

installer

local access

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:thalesgroup:safenet_sentinel_hasp:*:*:*:*:*:*:*:*"
    ],
    "vendor": "thalesgroup",
    "product": "safenet_sentinel_hasp",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "9.16",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:thalesgroup:safenet_sentinel_ldk:*:*:*:*:*:*:*:*"
    ],
    "vendor": "thalesgroup",
    "product": "safenet_sentinel_ldk",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "9.16"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

supportportal.thalesgroup.com

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-0197