Nuttakorn Tungpoonsup

Name of the Vulnerable Software and Affected Versions: Intel(R) SSD Data Center Tool versions prior to 12/31/2020 Description: The issue is related to incorrect default permissions in the installer, which may allow an authenticated user to potentially enable escalation of privilege via local access. Recommendations: For versions downloaded before 12/31/2020, update the Intel(R) SSD Data Center Tool to a version released after 12/31/2020 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Application Control Plus versions prior to 100523 Description: The issue is related to an insecure SSL configuration setting for Nginx, which can lead to Privilege Escalation. Recommendations: For versions prior to 100523, update to version 100523 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco AnyConnect Secure Mobility Client for Windows (affected versions not specified) **Description** A vulnerability in the Network Access Manager and Web Security Agent components could allow an authenticated, local attacker to perform a DLL injection attack by exploiting insufficient validation of resources loaded by the application at run time. The attacker would need valid credentials on the Windows system. To exploit this, an attacker could insert a configuration file in a specific system path, causing a malicious DLL file to be loaded when the application starts, potentially allowing the execution of arbitrary code on the affected machine with SYSTEM privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell Digital Delivery versions prior to 3.5.2015 **Description** The issue is related to incorrect default permissions, allowing a locally authenticated low-privileged malicious user to exploit it and run an arbitrary executable with administrative privileges on the affected system. **Recommendations** For Dell Digital Delivery versions prior to 3.5.2015, update to version 3.5.2015 or later to resolve the issue. As a temporary workaround, consider restricting access to administrative privileges to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ManageEngine Applications Manager version 14 with Build 14360 **Description** An issue was discovered in the integrated PostgreSQL component of ManageEngine Applications Manager, where a lack of file permission security allows malicious users in the "Authenticated Users" group to exploit privilege escalation. This can lead to modification of the PostgreSQL configuration, enabling the execution of arbitrary commands to gain full system privilege user access and rights over the system. **Recommendations** For ManageEngine Applications Manager version 14 with Build 14360, consider restricting access to the integrated PostgreSQL component to prevent exploitation until a fix is available. As a temporary workaround, review and secure file permissions to prevent unauthorized modifications to the PostgreSQL configuration.