CVE-2021-42810 – Safenet Authentication Service Remote Desktop Gateway prior to 2.0.3 may allow privilege escilation to authenticated users
https://notcve.org/view.php?id=CVE-2021-42810
A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed. Un fallo en las versiones anteriores del producto puede permitir a un atacante autenticado la capacidad de ejecutar código como un usuario privilegiado en un sistema donde el agente está instalado • https://cpl.thalesgroup.com/support/security-updates https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG) •
CVE-2021-42808 – The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions.
https://notcve.org/view.php?id=CVE-2021-42808
Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. Un Control de Acceso Inapropiado en Thales Sentinel Protection Installer podría permitir a un usuario local escalar privilegios • https://cpl.thalesgroup.com/fr/software-monetization/security-updates • CWE-284: Improper Access Control •
CVE-2021-42138
https://notcve.org/view.php?id=CVE-2021-42138
A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine. Un usuario de una máquina protegida por SafeNet Agent for Windows Logon podría aprovechar la entropía débil para acceder a las credenciales cifradas de alguno o todos los usuarios de esa máquina • https://cpl.thalesgroup.com/support/security-updates https://supportportal.gemalto.com/csm?sys_kb_id=a52bd13adbff7010f0e322080596194a&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=b3bdd932db33b010f0e3220805961955 https://supportportal.gemalto.com/csm?sys_kb_id=e8397662dbb7fc10520c4705059619eb&id=kb_article_view&sysparm_rank=2&sysparm_tsqueryId=b3bdd932db33b010f0e3220805961955 • CWE-331: Insufficient Entropy •
CVE-2021-42809 – The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library
https://notcve.org/view.php?id=CVE-2021-42809
Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code. Un Control de Acceso Inapropiado de los Recursos de Código Administrados Dinámicamente (DLL) en Thales Sentinel Protection Installer podría permitir una ejecución de código arbitrario • https://cpl.thalesgroup.com/fr/software-monetization/security-updates • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVE-2021-32928
https://notcve.org/view.php?id=CVE-2021-32928
The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. While uninstalling, the uninstaller fails to close Port 1947. El instalador Sentinel LDK Run-Time Environment (versiones 7.6 y anteriores) añade una regla de firewall denominada "Sentinel License Manager" que permite las conexiones entrantes desde redes privadas usando el puerto TCP 1947. Durante la desinstalación, el desinstalador no consigue cerrar el puerto 1947 • https://us-cert.cisa.gov/ics/advisories/icsa-21-159-06 • CWE-459: Incomplete Cleanup •