PT-2019-19834 · G Data · G Data Total Security

Publicado

2019-03-13

Atualizado

2020-08-24

CVE-2019-9742

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions G Data Total Security versions prior to 2019-02-22

Description The issue allows an attacker to bypass Access Control Lists (ACLs) due to the lack of FILE DEVICE SECURE OPEN in Interpreted Device Characteristics. This leads to improper protection of files and directories within the .gdwfpcd device, resulting in potential unintended impersonation or object creation.

Recommendations For versions prior to 2019-02-22, update to a version released after 2019-02-22 to resolve the issue.

Exploit

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2019-9742

Produtos afetados

G Data Total Security

PT-2019-19834 · G Data · G Data Total Security

CVE-2019-9742

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4