PT-2022-16338 · Win-911 · Win-911

Noam Moshe

Published

2022-02-24

Updated

2022-03-07

CVE-2022-23922

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WIN-911 versions 2021 R1 through 2021 R2

Description The issue is related to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed.

Recommendations For versions 2021 R1 and 2021 R2, consider restricting write access to the Program Announcer directory to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2022-23922

Affected Products

Win-911

PT-2022-16338 · Win-911 · Win-911

CVE-2022-23922

Weakness Enumeration

Related Identifiers

Affected Products

References · 4