PT-2022-6521 · Nomachine · Nomachine
Published: 2022-06-29 · Updated: 2023-08-08 · CVE-2022-34043
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
NoMachine version 7.9.2
Description
The issue is caused by incorrect permissions on the NoMachine folder C:\ProgramData\NoMachine\var\uninstall. The default permission settings for this folder are not secure, which allows attackers to perform a DLL hijacking attack and execute arbitrary code.
Recommendations
For NoMachine version 7.9.2, consider correcting the permissions on the folder C:\ProgramData\NoMachine\var\uninstall to prevent unauthorized access and mitigate the risk of a DLL hijacking attack. As a temporary workaround, restrict access to this folder until a patch is available.
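One way to check the folder before and after correcting its permissions, as an added example (not code from NoMachine or from this advisory): a PowerShell audit that reports Allow entries granting write-type rights on the folder to broad, low-privileged groups. The group list, the write mask and the function name `Get-RiskyAce` are assumptions of this example.

```powershell
# Added example: audit the ACL of the folder named in this advisory.
# Assumes the default ProgramData location; adjust $Path if it was relocated.
$Path = Join-Path $env:ProgramData 'NoMachine\var\uninstall'

# Well-known SIDs of broad, low-privileged groups (assumed list, extend as needed).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow creating, replacing or re-permissioning files in the folder.
# Only write-type bits are listed, so read-only entries do not match.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries can carry raw GENERIC_WRITE / GENERIC_ALL bits instead.
$WriteBits = [int]$WriteMask -bor 0x40000000 -bor 0x10000000

function Get-RiskyAce {
    param([Parameter(Mandatory)][string]$Folder)
    $acl = Get-Acl -LiteralPath $Folder
    # Resolve identities to SIDs so the check does not depend on the OS language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights -band $WriteBits) -eq 0) { continue }
        [pscustomobject]@{
            Principal = $BroadSids[$sid]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Output "Folder not present: $Path"
    return
}

$risky = @(Get-RiskyAce -Folder $Path)
if ($risky.Count -eq 0) {
    Write-Output "OK: no write access for broad groups on $Path"
} else {
    Write-Output "Write access for low-privileged groups on ${Path}:"
    $risky | Format-Table -AutoSize
}
```

The script only reports; any entry it lists is a candidate for removal when restricting access to the folder, and a clean run after the change confirms the workaround is in place.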
Exploit
Fix
Incorrect Default Permissions
Incorrect Permission
Affected Products
Nomachine