CVE-2022-24618
 
- Severity Score: 7.8 (CVSS v3.1)
- Exploit Likelihood (EPSS):
- Affected Versions (CPE):
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.
Credits: N/A
Timeline
- 2022-02-07 CVE Reserved
- 2022-03-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-281: Improper Preservation of Permissions
References (2)
URL | Tag | Date |
---|---|---|
http://heimdal.com | Not Applicable | |
https://support.heimdalsecurity.com/hc/en-us/articles/4425942979473-2-5-398-PROD-and-2-5-401-RC | | 2022-03-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Heimdalsecurity | Heimdal Premium Security | < 2.5.398 | - | Affected |