Sign-up

ID

VAR-201305-0370


TITLE

Fujitsu Lifebook A512 Multiple Search Paths Handle Local Privilege Escalation Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2013-05298

DESCRIPTION

The Fujitsu Lifebook A512 is a notebook device. Fujitsu Lifebook A512 multiple pre-installers use unquoted search paths in UninstallString, allowing an attacker to exploit a vulnerability to build a malicious file and name it \"Program.exe\" in the system root directory, which can be high at system startup Permission to execute. These programs include Norton Internet Security, FJ Camera, Management Engine Driver for Intel and OpenCL SDK. Local attackers can exploit the vulnerability to escalate permissions

Trust: 0.72

sources: CNVD: CNVD-2013-05298 // IVD: 2d07743a-1f25-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 2d07743a-1f25-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05298

AFFECTED PRODUCTS

vendor:fujitsumodel:lifebook a512scope: - version: -

Trust: 0.6

vendor:fujitsumodel:lifebook a512scope:eqversion:*

Trust: 0.2

sources: IVD: 2d07743a-1f25-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05298

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-05298
value: MEDIUM

Trust: 0.6

IVD: 2d07743a-1f25-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2013-05298
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 2d07743a-1f25-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 2d07743a-1f25-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05298

TYPE

Permission permission and access control

Trust: 0.2

sources: IVD: 2d07743a-1f25-11e6-abef-000c29c66e3d

EXTERNAL IDS

db:CNVDid:CNVD-2013-05298

Trust: 0.8

db:IVDid:2D07743A-1F25-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 2d07743a-1f25-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-05298

REFERENCES

url:http://seclists.org/fulldisclosure/2013/may/14

Trust: 0.6

sources: CNVD: CNVD-2013-05298

SOURCES

db:IVDid:2d07743a-1f25-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-05298

LAST UPDATE DATE

2022-05-17T02:09:06.832000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-05298date:2013-05-14T00:00:00

SOURCES RELEASE DATE

db:IVDid:2d07743a-1f25-11e6-abef-000c29c66e3ddate:2013-05-15T00:00:00
db:CNVDid:CNVD-2013-05298date:2013-05-14T00:00:00