ГлавнаяУязвимости → CVE-2021-47810
7.8высокая

CVE-2021-47810

Описание

WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.

Затрагиваемое ПО
Wibu Wibukey
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.exploit-db.com/exploits/49999https://www.vulncheck.com/advisories/wibukey-runtime-wksvwexe-unquoted-service-pathhttps://www.wibu.comhttps://www.wibu.com/us/support/user/downloads-user-software.htmlhttps://www.exploit-db.com/exploits/49999