CVE-2024-36495

June 24, 2024, 12:57 p.m.

Tags

CWE-276
551230f0-3615-47bd-b7cc-93e92e730bbf
2024-06-24
CVE-2024-36495

Product(s) Impacted

Faronics WINSelect

  • Standard
  • Enterprise

Description

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd

Weaknesses

CWE-276
Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE ID: 276

Date

Published: June 24, 2024, 9:15 a.m.

Last Modified: June 24, 2024, 12:57 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

551230f0-3615-47bd-b7cc-93e92e730bbf

References

https://r.sec-consult.com/winselect
551230f0-3615-47bd-b7cc-93e92e730bbf
https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
551230f0-3615-47bd-b7cc-93e92e730bbf