Florian Bogner

**Nome do software vulnerável e versões afetadas: Versões do Securepoint SSL VPN Client anteriores à 2.0.32 Descrição: O problema diz respeito a um tratamento inseguro da configuração que permite a escalada de privilégios locais para NT AUTHORITYSYSTEM. Um usuário local sem privilégios pode modificar a configuração do OpenVPN armazenada em “%APPDATA%Securepoint SSL VPN” e adicionar um arquivo de script externo que é executado como um usuário com privilégios. Recomendações: Para versões anteriores à 2.0.32, atualize para a versão 2.0.32 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso à configuração do OpenVPN armazenada em “%APPDATA%Securepoint SSL VPN” para impedir que usuários sem privilégios a modifiquem. Além disso, evite usar arquivos de script externos na configuração do OpenVPN até que o problema seja resolvido.

**Name of the Vulnerable Software and Affected Versions** Rapid7 Insight Agent versions 2.6.3 and prior **Description** The issue is related to an uncontrolled DLL search path, allowing a malicious local user to elevate to SYSTEM privileges. This occurs when the Python interpreter attempts to load python3.dll from a writable location, specifically "C:DLLspython3.dll". **Recommendations** For Rapid7 Insight Agent versions 2.6.3 and prior, update to version 2.6.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GSI WiNPAT Portal versions 3.2.0.1001 through 3.6.1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `username` field in the login form. **Recommendations** For versions 3.2.0.1001 through 3.6.1.0, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** HiSuite version 4.0.5.300 OVE **Description** The issue is related to an information leak. An attacker with system login capabilities can exploit this to copy the user's proxy password, resulting in information leaks. **Recommendations** For HiSuite version 4.0.5.300 OVE, consider restricting access to sensitive information and system login to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Huawei HiSuite version 4.0.5.300 OVE **Description** The issue concerns the use of insecure HTTP for software package downloads and the lack of integrity checks on the downloaded packages. This allows an attacker to potentially launch a Man-In-The-Middle (MITM) attack, interrupting or replacing the software package, which could further compromise the PC. **Recommendations** For Huawei HiSuite version 4.0.5.300 OVE, consider disabling the automatic software update feature until a secure update mechanism is implemented. Restrict access to the upgrade software package download feature to minimize the risk of exploitation. Avoid using insecure HTTP connections for software package downloads; instead, use a secure connection such as HTTPS. As a temporary workaround, manually verify the integrity of the software package before installing it. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Huawei HiSuite version 4.0.5.300 OVE **Description** The issue is related to a dynamic link library (DLL) hijack, where an attacker can make the system load malicious DLL files to execute arbitrary code. **Recommendations** For version 4.0.5.300 OVE, at the moment, there is no information about a newer version that contains a fix for this vulnerability.