6 results (0.009 seconds)

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. CALRunElevated.exe intenta aplicar los controles de acceso añadiendo un usuario no privilegiado al grupo local de Administradores durante un período de tiempo muy corto para ejecutar un único comando. • https://improsec.com/tech-blog/cam1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. Un usuario sin privilegios puede leer la tabla cal_whitelist en la base de datos Custom App Launcher (CAL) y, potencialmente, obtener privilegios colocando un programa troyano en un nombre de ruta de la aplicación. • https://improsec.com/tech-blog/cam1 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. CALRunElevated.exe proporciona acceso "NT AUTHORITY\SYSTEM" a usuarios no privilegiados mediante la opción --system. • https://improsec.com/tech-blog/cam1 • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve elevated privileges. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. Las aplicaciones de cliente de AccessManagerCoreService.exe se comunican con este servidor mediante tuberías nombradas. • https://improsec.com/tech-blog/cam1 • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. Un usuario regular puede obtener privilegios de administrador local si ejecuta cualquier aplicación en lista blanca mediante el Custom App Launcher. • https://improsec.com/tech-blog/cam1 • CWE-287: Improper Authentication •