Sign-up

ID

VAR-201305-0315


CVE

CVE-2013-3496


TITLE

plural Infotecs ViPNet Vulnerability gained in products

Trust: 0.8

sources: JVNDB: JVNDB-2013-002778

DESCRIPTION

Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file. Multiple Infotecs products are prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code context of the SYSTEM user or user with local administrative privileges. The following are affected: ViPNet Client 3.2.10 (15632) and prior ViPNet Coordinator 3.2.10 (15632) and prior ViPNet SafeDisk 4.1 (0.5643) and prior VipNet Personal Firewall 3.1 and prior. CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall) CVE reference: CVE-2013-3496 Credit: Maksim Chudakov (@MChudakov) Andrey Kurtasanov(andreykurtasanov@gmail.com) Severity: Medium Local\Remote: Local Vulnerability Class: Privilege Escalation Vendor URL: http://www.infotecs.biz/ Affected OS: Windows Vulnerable systems: ViPNet Client 3.2.10 (15632) and prior ViPNet Coordinator 3.2.10 (15632) and prior ViPNet SafeDisk 4.1 (0.5643) and prior VipNet Personal Firewall 3.1 and prior Possibly same issues in other Infotecs products and other versions Overview: A local privilege escalation vulnerability exists in the Infotecs products (ViPNet Client, SafeDisk, Personal Firewall and possibly other products), which could be exploited by an attacker to execute commands on the affected machine under the context of the SYSTEM user or user with local administrative privileges. Technical Background: The vulnerability exists because Infotecs products installs to folder with insecure permissions. "Everyone" group has "Full Control" rights to the files/folders in the following path: "%Program Files%\Infotecs\[product_name]". It means that any unprivileged user can modify, delete or change permissions of any file in data the folder consists of data, executable and configuration files. Solution: 1) Request a patch from Vendor or 2) Go to every executable and dll file within a ViPNet folder and change permissions manually Disclosure Timeline: 25/03/2013 Initial vendor notification 08/04/2013 Vendor response that patches has been released 20/05/2013 Advisory released

Trust: 2.07

sources: NVD: CVE-2013-3496 // JVNDB: JVNDB-2013-002778 // BID: 60050 // VULHUB: VHN-63498 // PACKETSTORM: 121698

AFFECTED PRODUCTS

vendor:infotecsmodel:vipnet coordinatorscope:lteversion:3.2.10

Trust: 1.0

vendor:infotecsmodel:vipnet clientscope:lteversion:3.2.10

Trust: 1.0

vendor:infotecsmodel:vipnet safediskscope:lteversion:4.1

Trust: 1.0

vendor:infotecsmodel:vipnet personal firewallscope:lteversion:3.1

Trust: 1.0

vendor:infotecsmodel:vipnet clientscope:lteversion:3.2.10 (15632)

Trust: 0.8

vendor:infotecsmodel:vipnet coordinatorscope:lteversion:3.2.10 (15632)

Trust: 0.8

vendor:infotecsmodel:vipnet personal firewallscope:lteversion:4.1 (0.5643)

Trust: 0.8

vendor:infotecsmodel:vipnet safediskscope:lteversion:3.1

Trust: 0.8

sources: JVNDB: JVNDB-2013-002778 // NVD: CVE-2013-3496

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3496
value: HIGH

Trust: 1.0

NVD: CVE-2013-3496
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201305-451
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63498
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-3496
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63498
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63498 // JVNDB: JVNDB-2013-002778 // CNNVD: CNNVD-201305-451 // NVD: CVE-2013-3496

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-63498 // JVNDB: JVNDB-2013-002778 // NVD: CVE-2013-3496

THREAT TYPE

local

Trust: 1.0

sources: BID: 60050 // PACKETSTORM: 121698 // CNNVD: CNNVD-201305-451

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201305-451

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002778

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-63498

PATCH
title:Top Pageurl:http://www.infotecs.biz/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002778

EXTERNAL IDS
db:NVDid:CVE-2013-3496
Trust: 2.9
db:BIDid:60050
Trust: 1.0
db:JVNDBid:JVNDB-2013-002778
Trust: 0.8
db:BUGTRAQid:20130520 CVE-2013-3496. LOCAL PRIVILEGE ESCALATION VULNERABILITY IN INFOTECS PRODUCTS (VIPNET CLIENTCOORDINATOR, SAFEDISK, PERSONAL FIREWALL)
Trust: 0.6
db:CNNVDid:CNNVD-201305-451
Trust: 0.6
db:PACKETSTORMid:121698
Trust: 0.2
db:VULHUBid:VHN-63498
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63498 // 
            
            
            
            BID: 60050 // 
            
            
            
            JVNDB: JVNDB-2013-002778 // 
            
            
            
            PACKETSTORM: 121698 // 
            
            
            
            CNNVD: CNNVD-201305-451 // 
            
            
            
            NVD: CVE-2013-3496

REFERENCES
url:http://archives.neohapsis.com/archives/bugtraq/2013-05/0072.html
Trust: 2.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3496
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3496
Trust: 0.8
url:http://www.securityfocus.com/bid/60050
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2013-3496
Trust: 0.1
url:http://www.infotecs.biz/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63498 // 
            
            
            
            JVNDB: JVNDB-2013-002778 // 
            
            
            
            PACKETSTORM: 121698 // 
            
            
            
            CNNVD: CNNVD-201305-451 // 
            
            
            
            NVD: CVE-2013-3496

CREDITS
Maksim Chudakov and Andrey Kurtasanov
Trust: 0.9
sources:
            
            
            BID: 60050 // 
            
            
            
            CNNVD: CNNVD-201305-451

SOURCES
db:VULHUBid:VHN-63498
db:BIDid:60050
db:JVNDBid:JVNDB-2013-002778
db:PACKETSTORMid:121698
db:CNNVDid:CNNVD-201305-451
db:NVDid:CVE-2013-3496

LAST UPDATE DATE
2025-04-11T22:59:11.186000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63498date:2013-05-22T00:00:00
db:BIDid:60050date:2013-05-21T00:00:00
db:JVNDBid:JVNDB-2013-002778date:2013-05-23T00:00:00
db:CNNVDid:CNNVD-201305-451date:2021-11-30T00:00:00
db:NVDid:CVE-2013-3496date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-63498date:2013-05-22T00:00:00
db:BIDid:60050date:2013-05-21T00:00:00
db:JVNDBid:JVNDB-2013-002778date:2013-05-23T00:00:00
db:PACKETSTORMid:121698date:2013-05-21T22:12:31
db:CNNVDid:CNNVD-201305-451date:2013-05-21T00:00:00
db:NVDid:CVE-2013-3496date:2013-05-22T13:29:56.170