CVE-2013-5701 – Watchguard Server Center - Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2013-5701

Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory. Múltiples vulnerabilidades de ruta de búsqueda no confiable en (1) Watchguard Log Collector (wlcollector.exe) y (2) Watchguard WebBlocker Server (wbserver.exe) en WatchGuard Server Center 11.7.4, 11.7.3, y posiblemente anteriores versiones permiten a usuarios locales obtener privilegios a través de un caballo de troya en el archivo wgpr.dll en el directorio bin de la aplicación. Watchguard Server Center version 11.7.4 suffers from a dll hijacking vulnerability with wgpr.dll. • https://www.exploit-db.com/exploits/38752 http://seclists.org/fulldisclosure/2013/Sep/43 http://www.securitytracker.com/id/1028992 https://www.rcesecurity.com/2013/09/cve-2013-5701-watchguard-server-center-v11-7-4-wgpr-dll-local-privileges-escalation-vulnerability • CWE-264: Permissions, Privileges, and Access Controls •