Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/171879/File-Replication-Pro-7.5.0-Insecure-Permissions-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry |
https://www.filereplicationpro.com | Product |
Configurations
History
21 Apr 2023, 20:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Filereplicationpro
Filereplicationpro file Replication Pro |
|
References | (MISC) https://www.filereplicationpro.com - Product | |
References | (MISC) http://packetstormsecurity.com/files/171879/File-Replication-Pro-7.5.0-Insecure-Permissions-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:filereplicationpro:file_replication_pro:7.5.0:*:*:*:*:*:*:* | |
CWE | CWE-276 |
14 Apr 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-14 00:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-26918
Mitre link : CVE-2023-26918
CVE.ORG link : CVE-2023-26918
JSON object : View
Products Affected
filereplicationpro
- file_replication_pro
CWE
CWE-276
Incorrect Default Permissions