PT-2017-15326 · Nxp+1 · Nfc Port+3
Eili Masami
·
Published
2017-08-02
·
Updated
2017-08-23
·
CVE-2017-2286
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
NFC Port Software versions 5.5.0.6 and earlier
NFC Port Software versions 5.3.6.7 and earlier
PC/SC Activator for Type B version 1.2.1.0 and earlier
SFCard Viewer 2 version 2.5.0.0 and earlier
NFC Net Installer version 1.1.0.0 and earlier
Description
The issue allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This is due to an untrusted search path vulnerability.
Recommendations
For NFC Port Software versions 5.5.0.6 and earlier, update to a version later than 5.5.0.6.
For NFC Port Software versions 5.3.6.7 and earlier, update to a version later than 5.3.6.7.
For PC/SC Activator for Type B version 1.2.1.0 and earlier, update to a version later than 1.2.1.0.
For SFCard Viewer 2 version 2.5.0.0 and earlier, update to a version later than 2.5.0.0.
For NFC Net Installer version 1.1.0.0 and earlier, update to a version later than 1.1.0.0.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nfc Net Installer
Nfc Port
Pc/Sc Activator For Type B
Sfcard Viewer 2