Adaware Protect privilege escalation | CVE-2022-31464

June 21, 2022

NAME

Adaware Protect privilege escalation

  • Platforms Affected:
    Adaware Protect 1.2.439.4251
  • Risk Level:
    7.8
  • Exploitability:
    Unproven
  • Consequences:
    Gain Privileges

DESCRIPTION

Adaware Protect could allow a local authenticated attacker to gain elevated privileges on the system, caused by insecure permissions configuration. By changing the service binary path, an attacker could exploit this vulnerability to escalate privileges.

CVSS 3.0 Information

  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Access Vector: Local
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Unavailable

MITIGATION

No remedy available as of June 16, 2022.

  • Reference Link:
    https://r0h1rr1m.medium.com/adaware-protect-local-privilege-escalation-through-insecure-service-permissions-44d0eeb6c933
  • Reference Link:
    https://www.adaware.com/

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

news

Ransomware Groups Exploit Cloud Services for Data Exfiltration and Attacks

November 17, 2024
news

Zero-Day Vulnerability Discovered by watchTowr in Fortinet Products

November 17, 2024
news

O2’s Innovative AI Granny Tackles Scam Callers with Engaging Tales

November 17, 2024
news

Palo Alto Networks Zero-Day Vulnerability Actively Exploited: A Critical Security Advisory

November 17, 2024
news

Bitfinex Hacker Ilya Lichtenstein Sentenced to Five Years for $4.5 Billion Crypto Heist

November 17, 2024