Common Weakness Enumeration

CWE-276

Allowed

Incorrect Default Permissions

Abstraction: Base · Status: Draft

During installation, installed file permissions are set to allow anyone to modify those files.

2035 vulnerabilities reference this CWE, most recent first.

CVE-2024-45067 (GCVE-0-2024-45067)

Vulnerability from cvelistv5 – Published: 2025-05-14 22:16 – Updated: 2026-02-26 18:28
VLAI
Summary
Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • Escalation of Privilege
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
n/a Intel(R) Gaudi(R) software installers Affected: before version 1.18
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45067",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-17T03:56:08.304041Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:07.680Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Gaudi(R) software installers",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 1.18"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-14T22:16:43.735Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01271.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01271.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2024-45067",
    "datePublished": "2025-05-14T22:16:43.735Z",
    "dateReserved": "2024-10-09T02:59:22.175Z",
    "dateUpdated": "2026-02-26T18:28:07.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43791 (GCVE-0-2024-43791)

Vulnerability from cvelistv5 – Published: 2024-08-23 14:39 – Updated: 2024-08-23 18:10
VLAI
Title
RequestStore has Incorrect Default Permissions
Summary
RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
steveklabnik request_store Affected: = 1.3.2
Create a notification for this product.
steveklabnik request_store Affected: 1.3.2
    cpe:2.3:a:steveklabnik:request_store:1.3.2:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:steveklabnik:request_store:1.3.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "request_store",
            "vendor": "steveklabnik",
            "versions": [
              {
                "status": "affected",
                "version": "1.3.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43791",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-23T15:12:43.345505Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-23T18:10:50.671Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "request_store",
          "vendor": "steveklabnik",
          "versions": [
            {
              "status": "affected",
              "version": "= 1.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-23T14:39:10.641Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/steveklabnik/request_store/security/advisories/GHSA-frp2-5qfc-7r8m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/steveklabnik/request_store/security/advisories/GHSA-frp2-5qfc-7r8m"
        }
      ],
      "source": {
        "advisory": "GHSA-frp2-5qfc-7r8m",
        "discovery": "UNKNOWN"
      },
      "title": "RequestStore has Incorrect Default Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43791",
    "datePublished": "2024-08-23T14:39:10.641Z",
    "dateReserved": "2024-08-16T14:20:37.324Z",
    "dateUpdated": "2024-08-23T18:10:50.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43166 (GCVE-0-2024-43166)

Vulnerability from cvelistv5 – Published: 2025-09-03 09:10 – Updated: 2025-11-04 21:08
VLAI
Summary
Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Credits
L0ne1y
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-43166",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-03T13:44:48.062064Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-03T15:43:19.272Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:08:48.628Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/09/03/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache DolphinScheduler",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.2.2",
              "status": "affected",
              "version": "0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "L0ne1y"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIncorrect Default Permissions vulnerability in Apache DolphinScheduler.\u003c/p\u003e\u003cp\u003eThis issue affects Apache DolphinScheduler: before 3.2.2.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e3.3.1\u003c/span\u003e, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Default Permissions vulnerability in Apache DolphinScheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.2.\n\nUsers are recommended to upgrade to version 3.3.1, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-03T09:10:24.401Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/8zd69zkkx55qp365xp4tml1xh9og5lhk"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-43166",
    "datePublished": "2025-09-03T09:10:24.401Z",
    "dateReserved": "2024-08-07T10:39:22.903Z",
    "dateUpdated": "2025-11-04T21:08:48.628Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42419 (GCVE-0-2024-42419)

Vulnerability from cvelistv5 – Published: 2025-02-12 21:18 – Updated: 2025-02-13 15:19
VLAI
Summary
Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • Escalation of Privilege
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
n/a Intel(R) GPA and Intel(R) GPA Framework software installers Affected: See references
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42419",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T15:19:14.881935Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-13T15:19:23.207Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) GPA and Intel(R) GPA Framework software installers",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers may allow an authenticated user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-12T21:18:52.201Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01233.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01233.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2024-42419",
    "datePublished": "2025-02-12T21:18:52.201Z",
    "dateReserved": "2024-08-01T03:00:08.557Z",
    "dateUpdated": "2025-02-13T15:19:23.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39544 (GCVE-0-2024-39544)

Vulnerability from cvelistv5 – Published: 2024-10-11 15:18 – Updated: 2024-10-11 18:59
VLAI
Title
Junos OS Evolved: Low privileged local user able to view NETCONF traceoptions files
Summary
An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows a low-privileged user can access sensitive information compromising the confidentiality of the system. Junos OS Evolved:  * All versions before 20.4R3-S9-EVO,  * 21.2-EVO before 21.2R3-S7-EVO,  * 21.4-EVO before 21.4R3-S5-EVO,  * 22.1-EVO before 22.1R3-S5-EVO,  * 22.2-EVO before 22.2R3-S3-EVO,  * 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,  * 22.4-EVO before 22.4R3-EVO,  * 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Evolved Affected: 0 , < 20.4R3-S9-EVO (semver)
Affected: 21.2-EVO , < 21.2R3-S7-EVO (semver)
Affected: 21.4-EVO , < 21.4R3-S5-EVO (semver)
Affected: 22.1-EVO , < 22.1R3-S5-EVO (semver)
Affected: 22.2-EVO , < 22.2R3-S3-EVO (semver)
Affected: 22.3-EVO , < 22.3R3-S2-EVO (semver)
Affected: 22.4-EVO , < 22.4R3-EVO (semver)
Affected: 23.2-EVO , < 23.2R1-S2-EVO, 23.2R2-EVO (semver)
Create a notification for this product.
Date Public
2024-10-09 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39544",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T18:59:25.826891Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T18:59:35.095Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S9-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2R3-S7-EVO",
              "status": "affected",
              "version": "21.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S5-EVO",
              "status": "affected",
              "version": "21.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S5-EVO",
              "status": "affected",
              "version": "22.1-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3-EVO",
              "status": "affected",
              "version": "22.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S2-EVO",
              "status": "affected",
              "version": "22.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R1-S2-EVO, 23.2R2-EVO",
              "status": "affected",
              "version": "23.2-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NETCONF traceoptions are configured within the following Junos hierarchy:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[system services netconf traceoptions]\u003c/tt\u003e"
            }
          ],
          "value": "NETCONF traceoptions are configured within the following Junos hierarchy:\n\n[system services netconf traceoptions]"
        }
      ],
      "datePublic": "2024-10-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An\u0026nbsp;Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information.\u003cbr\u003e\u003cbr\u003e\n\nOn all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows \n\na low-privileged user can access sensitive information compromising the confidentiality of the system.\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eJunos OS Evolved:\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S9-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e21.2-EVO before 21.2R3-S7-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e21.4-EVO before 21.4R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.1-EVO before 22.1R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.2-EVO before 22.2R3-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.4-EVO before 22.4R3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An\u00a0Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information.\n\n\n\nOn all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows \n\na low-privileged user can access sensitive information compromising the confidentiality of the system.\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n\n  *  All versions before 20.4R3-S9-EVO,\u00a0\n  *  21.2-EVO before 21.2R3-S7-EVO,\u00a0\n  *  21.4-EVO before 21.4R3-S5-EVO,\u00a0\n  *  22.1-EVO before 22.1R3-S5-EVO,\u00a0\n  *  22.2-EVO before 22.2R3-S3-EVO,\u00a0\n  *  22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,\u00a0\n  *  22.4-EVO before 22.4R3-EVO,\u00a0\n  *  23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-11T15:18:38.836Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA88106"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u0026nbsp;Junos OS Evolved 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003cbr\u003e\u003ch3\u003eRestoration:\u003cbr\u003e\u003c/h3\u003eTo completely remediate this issue, any previously written traceoptions log files should be deleted or have their file permissions changed. See Workaround section above for details."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\u00a0Junos OS Evolved 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\nRestoration:\nTo completely remediate this issue, any previously written traceoptions log files should be deleted or have their file permissions changed. See Workaround section above for details."
        }
      ],
      "source": {
        "advisory": "JSA88106",
        "defect": [
          "1752889"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS Evolved: Low privileged local user able to view NETCONF traceoptions files",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Disable NETCONF traceoptions and delete any existing traceoptions files in /var/log.\u003cbr\u003e\u003cbr\u003eManually modify the permissions of the NETCONF log file to restore the correct group ownership:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@junos\u0026gt; file change-owner group root /var/log/netconflog.log\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Disable NETCONF traceoptions and delete any existing traceoptions files in /var/log.\n\nManually modify the permissions of the NETCONF log file to restore the correct group ownership:\n\nuser@junos\u003e file change-owner group root /var/log/netconflog.log"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-39544",
    "datePublished": "2024-10-11T15:18:38.836Z",
    "dateReserved": "2024-06-25T15:12:53.245Z",
    "dateUpdated": "2024-10-11T18:59:35.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39347 (GCVE-0-2024-39347)

Vulnerability from cvelistv5 – Published: 2024-06-28 06:30 – Updated: 2024-08-02 04:26
VLAI
Summary
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Synology Synology Router Manager (SRM) Affected: 1.3 , < 1.3.1-9346-8 (semver)
Affected: 1.2 , < 1.2.5-8227-11 (semver)
Unknown: 0 , < 1.2 (semver)
Create a notification for this product.
Credits
Tri and Bien Pham (@bienpnn) from Team Orca of Sea Security working with Trend Micro Zero Day Initiative
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39347",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-01T14:49:31.346987Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T16:39:01.301Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:14.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Synology-SA-23:16 SRM (PWN2OWN 2023)",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Synology Router Manager (SRM)",
          "vendor": "Synology",
          "versions": [
            {
              "lessThan": "1.3.1-9346-8",
              "status": "affected",
              "version": "1.3",
              "versionType": "semver"
            },
            {
              "lessThan": "1.2.5-8227-11",
              "status": "affected",
              "version": "1.2",
              "versionType": "semver"
            },
            {
              "lessThan": "1.2",
              "status": "unknown",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tri and Bien Pham (@bienpnn) from Team Orca of Sea Security working with Trend Micro Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-28T06:30:10.727Z",
        "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "shortName": "synology"
      },
      "references": [
        {
          "name": "Synology-SA-23:16 SRM (PWN2OWN 2023)",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_16"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
    "assignerShortName": "synology",
    "cveId": "CVE-2024-39347",
    "datePublished": "2024-06-28T06:30:10.727Z",
    "dateReserved": "2024-06-24T10:57:17.890Z",
    "dateUpdated": "2024-08-02T04:26:14.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38222 (GCVE-0-2024-38222)

Vulnerability from cvelistv5 – Published: 2024-09-12 03:06 – Updated: 2024-12-31 23:03
VLAI
Title
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Summary
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft Edge (Chromium-based) Affected: 1.0.0 , < 128.0.2739.42 (custom)
Create a notification for this product.
Date Public
2024-09-11 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38222",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T13:12:11.199630Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T13:14:48.632Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Edge (Chromium-based)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "128.0.2739.42",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "128.0.2739.42",
                  "versionStartIncluding": "1.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-09-11T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-31T23:03:26.419Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38222"
        }
      ],
      "title": "Microsoft Edge (Chromium-based) Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-38222",
    "datePublished": "2024-09-12T03:06:49.312Z",
    "dateReserved": "2024-06-11T22:36:08.224Z",
    "dateUpdated": "2024-12-31T23:03:26.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-37038 (GCVE-0-2024-37038)

Vulnerability from cvelistv5 – Published: 2024-06-12 16:51 – Updated: 2024-08-02 03:43
VLAI
Summary
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Schneider Electric Sage 1410 Affected: Versions C3414-500-S02K5_P8 and prior
Create a notification for this product.
Schneider Electric Sage 1430 Affected: Versions C3414-500-S02K5_P8 and prior
Create a notification for this product.
Schneider Electric Sage 1450 Affected: Versions C3414-500-S02K5_P8 and prior
Create a notification for this product.
Schneider Electric Sage 2400 Affected: Versions C3414-500-S02K5_P8 and prior
Create a notification for this product.
Schneider Electric Sage 3030 Magnum Affected: Versions C3414-500-S02K5_P8 and prior
Create a notification for this product.
Schneider Electric Sage 4400 Affected: Versions C3414-500-S02K5_P8 and prior
Create a notification for this product.
schneider_electric sage_4400 Affected: 0 , ≤ c3414-500-s02k5_p8 (custom)
    cpe:2.3:h:schneider_electric:sage_4400:*:*:*:*:*:*:*:*
Create a notification for this product.
schneider_electric sage_1430 Affected: 0 , ≤ c3414-500-s02k5_p8 (custom)
    cpe:2.3:h:schneider_electric:sage_1430:*:*:*:*:*:*:*:*
Create a notification for this product.
schneider_electric sage_2400 Affected: 0 , ≤ c3414-500-s02k5_p8 (custom)
    cpe:2.3:h:schneider_electric:sage_2400:*:*:*:*:*:*:*:*
Create a notification for this product.
schneider_electric sage_3030m Affected: 0 , ≤ c3414-500-s02k5_p8 (custom)
    cpe:2.3:h:schneider_electric:sage_3030m:*:*:*:*:*:*:*:*
Create a notification for this product.
schneider_electric sage_1410 Affected: 0 , ≤ c3414-500-s02k5_p8 (custom)
    cpe:2.3:h:schneider_electric:sage_1410:*:*:*:*:*:*:*:*
Create a notification for this product.
schneider_electric sage_1450 Affected: 0 , ≤ c3414-500-s02k5_p8 (custom)
    cpe:2.3:h:schneider_electric:sage_1450:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:schneider_electric:sage_4400:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sage_4400",
            "vendor": "schneider_electric",
            "versions": [
              {
                "lessThanOrEqual": "c3414-500-s02k5_p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:schneider_electric:sage_1430:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sage_1430",
            "vendor": "schneider_electric",
            "versions": [
              {
                "lessThanOrEqual": "c3414-500-s02k5_p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:schneider_electric:sage_2400:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sage_2400",
            "vendor": "schneider_electric",
            "versions": [
              {
                "lessThanOrEqual": "c3414-500-s02k5_p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:schneider_electric:sage_3030m:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sage_3030m",
            "vendor": "schneider_electric",
            "versions": [
              {
                "lessThanOrEqual": "c3414-500-s02k5_p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:schneider_electric:sage_1410:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sage_1410",
            "vendor": "schneider_electric",
            "versions": [
              {
                "lessThanOrEqual": "c3414-500-s02k5_p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:schneider_electric:sage_1450:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sage_1450",
            "vendor": "schneider_electric",
            "versions": [
              {
                "lessThanOrEqual": "c3414-500-s02k5_p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37038",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T17:44:53.062764Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T17:54:11.618Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.738Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-05.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Sage 1410",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions C3414-500-S02K5_P8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Sage 1430",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions C3414-500-S02K5_P8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Sage 1450",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions C3414-500-S02K5_P8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Sage 2400",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions C3414-500-S02K5_P8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Sage 3030 Magnum",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions C3414-500-S02K5_P8 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Sage 4400",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions C3414-500-S02K5_P8 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\n\n\n\n\nCWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated\nuser with access to the device\u2019s web interface to perform unauthorized file and firmware\nuploads when crafting custom web requests.\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated\nuser with access to the device\u2019s web interface to perform unauthorized file and firmware\nuploads when crafting custom web requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:51:55.800Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-05.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2024-37038",
    "datePublished": "2024-06-12T16:51:55.800Z",
    "dateReserved": "2024-05-31T06:52:05.762Z",
    "dateUpdated": "2024-08-02T03:43:50.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36495 (GCVE-0-2024-36495)

Vulnerability from cvelistv5 – Published: 2024-06-24 08:50 – Updated: 2025-02-13 17:52
VLAI
Title
Read/Write Permissions for Everyone on Configuration File
Summary
The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Faronics WINSelect (Standard + Enterprise) Unaffected: 8.30.xx.903 (custom)
Create a notification for this product.
faronics winselect Unaffected: 0 , < 8.30.xx.903 (custom)
    cpe:2.3:a:faronics:winselect:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Daniel Hirschberger | SEC Consult Vulnerability Lab
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:faronics:winselect:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "winselect",
            "vendor": "faronics",
            "versions": [
              {
                "lessThan": "8.30.xx.903",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 7.7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36495",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-05T14:37:51.549136Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T20:25:37.378Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:37:05.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://r.sec-consult.com/winselect"
          },
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jun/12"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "WINSelect (Standard + Enterprise)",
          "vendor": "Faronics",
          "versions": [
            {
              "status": "unaffected",
              "version": "8.30.xx.903",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Daniel Hirschberger | SEC Consult Vulnerability Lab"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe application \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFaronics WINSelect (Standard + Enterprise)\u0026nbsp;\u003c/span\u003esaves its configuration in an encrypted file on the file system\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhich \"Everyone\" has read and write access to, path to file:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cpre\u003e\u003ccode\u003eC:\\ProgramData\\WINSelect\\WINSelect.wsd\u003c/code\u003e\u003c/pre\u003e\u003cp\u003eThe path for\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe affected WINSelect Enterprise\u003c/span\u003e\u0026nbsp;configuration file is:\u003c/p\u003e\u003cpre\u003e\u003ccode\u003eC:\\ProgramData\\Faronics\\StorageSpace\\WS\\WINSelect.wsd\u003c/code\u003e\u003c/pre\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "The application Faronics WINSelect (Standard + Enterprise)\u00a0saves its configuration in an encrypted file on the file system\u00a0which \"Everyone\" has read and write access to, path to file:\n\n\n\nC:\\ProgramData\\WINSelect\\WINSelect.wsd\n\nThe path for\u00a0the affected WINSelect Enterprise\u00a0configuration file is:\n\nC:\\ProgramData\\Faronics\\StorageSpace\\WS\\WINSelect.wsd"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-75",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-75 Manipulating Writeable Configuration Files"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-25T06:06:05.681Z",
        "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "shortName": "SEC-VLab"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://r.sec-consult.com/winselect"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jun/12"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe vendor provides a patched version 8.30.xx.903 since May 2024 which can be downloaded from the following URL:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.faronics.com/document-library/document/download-winselect-standard\"\u003ehttps://www.faronics.com/document-library/document/download-winselect-standard\u003c/a\u003e\u003cbr\u003e \u0026nbsp;\u003c/p\u003e\u003cp\u003eThe vendor provided the following changelog:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes\"\u003ehttps://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "The vendor provides a patched version 8.30.xx.903 since May 2024 which can be downloaded from the following URL:\n https://www.faronics.com/document-library/document/download-winselect-standard \n \u00a0\n\nThe vendor provided the following changelog:\n https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Read/Write Permissions for Everyone on Configuration File",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
    "assignerShortName": "SEC-VLab",
    "cveId": "CVE-2024-36495",
    "datePublished": "2024-06-24T08:50:07.161Z",
    "dateReserved": "2024-05-29T06:48:49.689Z",
    "dateUpdated": "2025-02-13T17:52:54.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36339 (GCVE-0-2024-36339)

Vulnerability from cvelistv5 – Published: 2025-05-13 16:56 – Updated: 2026-02-26 18:28
VLAI
Summary
A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
AMD
Impacted products
Date Public
2025-05-13 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36339",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T03:55:41.302773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:35.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Optimizing CPU Libraries (AOCL)",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "5.0"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.\u003cbr\u003e"
            }
          ],
          "value": "A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T17:16:36.759Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9014.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-36339",
    "datePublished": "2025-05-13T16:56:41.523Z",
    "dateReserved": "2024-05-23T19:44:47.200Z",
    "dateUpdated": "2026-02-26T18:28:35.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-1
Architecture and Design Operation

The architecture needs to access and modification attributes for files to only those users who actually require those actions.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.