CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51772
https://notcve.org/view.php?id=CVE-2023-51772
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. One Identity Password Manager anterior a 5.13.1 permite Kiosk Escape. • https://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension https://www.oneidentity.com/products/password-manager • CWE-613: Insufficient Session Expiration •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48654 – One Identity Password Manager Kiosk Escape Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-48654
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. One Identity Password Manager anterior a 5.13.1 permite Kiosk Escape. • https://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension https://www.oneidentity.com/products/password-manager •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30523 – Trend Micro Password Manager Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-30523
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine. Trend Micro Password Manager (Consumer) versión 5.0.0.1266 y anteriores, es susceptible a una vulnerabilidad de escalada de privilegios de seguimiento de enlaces que podría permitir a un atacante local con pocos privilegios eliminar el contenido de una carpeta arbitraria como SYSTEM, lo que puede usarse para una escalada de privilegios en el equipo afectado This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Trend Micro Password Manager Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-09071 https://www.zerodayinitiative.com/advisories/ZDI-22-759 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26337
https://notcve.org/view.php?id=CVE-2022-26337
Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine. El instalador de Trend Micro Password Manager (Consumer) versión 5.0.0.1262 y anteriores, es susceptible a una vulnerabilidad de Elemento de Ruta de Búsqueda no Controlada que podría permitir a un atacante usar un archivo especialmente diseñado para explotar la vulnerabilidad y elevar privilegios locales en el equipo afectado • https://helpcenter.trendmicro.com/en-us/article/tmka-10954 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-35052 – Kaspersky Password Manager Improper Privilege Management Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-35052
A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. Un componente de Kaspersky Password Manager podría permitir a un atacante elevar el nivel de integridad de un proceso de Medio a Alto This vulnerability allows local attackers to escalate privileges on affected installations of Kaspersky Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Kaspersky Password Manager Service. The issue results from execution with unnecessary privileges. An attacker can leverage this vulnerability to escalate privileges from medium integrity and execute code in the context of the current user at high integrity. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121 https://www.zerodayinitiative.com/advisories/ZDI-21-1335 • CWE-269: Improper Privilege Management •