Search
Find a vulnerability
Search criteria
6 vulnerabilities by G DATA
CVE-2024-6871 (GCVE-0-2024-6871)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:30 – Updated: 2024-11-26 15:43
VLAI
Title
G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
Summary
G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of autostart tasks. The issue results from incorrect permissions set on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22629.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| G DATA | Total Security |
Affected:
25.5.15.21
|
|
| gdata-software | total_security |
Affected:
25.5.15.21
cpe:2.3:a:gdata-software:total_security:25.5.15.21:*:*:*:*:*:*:* |
Date Public
2024-11-12 23:01
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gdata-software:total_security:25.5.15.21:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "total_security",
"vendor": "gdata-software",
"versions": [
{
"status": "affected",
"version": "25.5.15.21"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6871",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:15:00.565854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:43:45.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Total Security",
"vendor": "G DATA",
"versions": [
{
"status": "affected",
"version": "25.5.15.21"
}
]
}
],
"dateAssigned": "2024-07-17T23:54:26.480Z",
"datePublic": "2024-11-12T23:01:50.021Z",
"descriptions": [
{
"lang": "en",
"value": "G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the handling of autostart tasks. The issue results from incorrect permissions set on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22629."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:30:23.472Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1486",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1486/"
}
],
"source": {
"lang": "en",
"value": "Kolja Grassmann (cirosec GmbH)"
},
"title": "G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-6871",
"datePublished": "2024-11-22T21:30:23.472Z",
"dateReserved": "2024-07-17T23:54:26.449Z",
"dateUpdated": "2024-11-26T15:43:45.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30377 (GCVE-0-2024-30377)
Vulnerability from cvelistv5 – Published: 2024-11-22 20:05 – Updated: 2024-12-05 14:47
VLAI
Title
G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability
Summary
G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the G DATA AntiVirus Scan Server. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23381.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| G DATA | Total Security |
Affected:
25.5.17.335
|
|
| gdata-software | total_security |
Affected:
25.5.17.335
cpe:2.3:a:gdata-software:total_security:25.5.17.335:*:*:*:*:*:*:* |
Date Public
2024-08-22 19:33
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gdata-software:total_security:25.5.17.335:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "total_security",
"vendor": "gdata-software",
"versions": [
{
"status": "affected",
"version": "25.5.17.335"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:16:20.732343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T14:47:59.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Total Security",
"vendor": "G DATA",
"versions": [
{
"status": "affected",
"version": "25.5.17.335"
}
]
}
],
"dateAssigned": "2024-03-26T19:40:42.768Z",
"datePublic": "2024-08-22T19:33:09.931Z",
"descriptions": [
{
"lang": "en",
"value": "G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the G DATA AntiVirus Scan Server. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23381."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:05:20.247Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1159",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1159/"
}
],
"source": {
"lang": "en",
"value": "Naor Hodorov"
},
"title": "G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-30377",
"datePublished": "2024-11-22T20:05:20.247Z",
"dateReserved": "2024-03-26T18:52:36.420Z",
"dateUpdated": "2024-12-05T14:47:59.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1868 (GCVE-0-2024-1868)
Vulnerability from cvelistv5 – Published: 2024-11-22 20:05 – Updated: 2024-12-05 19:34
VLAI
Title
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
Summary
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to overwrite a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22313.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| G DATA | Total Security |
Affected:
25.5.15.21
|
|
| gdata-software | total_security |
Affected:
25.5.15.21
cpe:2.3:a:gdata-software:total_security:25.5.15.21:*:*:*:*:*:*:* |
Date Public
2024-05-31 20:40
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gdata-software:total_security:25.5.15.21:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "total_security",
"vendor": "gdata-software",
"versions": [
{
"status": "affected",
"version": "25.5.15.21"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:16:25.516065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T19:34:34.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Total Security",
"vendor": "G DATA",
"versions": [
{
"status": "affected",
"version": "25.5.15.21"
}
]
}
],
"dateAssigned": "2024-02-23T19:50:44.332Z",
"datePublic": "2024-05-31T20:40:20.703Z",
"descriptions": [
{
"lang": "en",
"value": "G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to overwrite a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22313."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:05:17.149Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-558",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-558/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "G DATA Total Security Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-1868",
"datePublished": "2024-11-22T20:05:17.149Z",
"dateReserved": "2024-02-23T19:50:06.409Z",
"dateUpdated": "2024-12-05T19:34:34.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1867 (GCVE-0-2024-1867)
Vulnerability from cvelistv5 – Published: 2024-11-22 20:05 – Updated: 2024-12-05 19:33
VLAI
Title
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
Summary
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22312.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| G DATA | Total Security |
Affected:
25.5.15.21
|
|
| gdata-software | total_security |
Affected:
25.5.15.21
cpe:2.3:a:gdata-software:total_security:25.5.15.21:*:*:*:*:*:*:* |
Date Public
2024-05-31 20:40
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gdata-software:total_security:25.5.15.21:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "total_security",
"vendor": "gdata-software",
"versions": [
{
"status": "affected",
"version": "25.5.15.21"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:16:27.296059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T19:33:53.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Total Security",
"vendor": "G DATA",
"versions": [
{
"status": "affected",
"version": "25.5.15.21"
}
]
}
],
"dateAssigned": "2024-02-23T19:50:44.344Z",
"datePublic": "2024-05-31T20:40:26.465Z",
"descriptions": [
{
"lang": "en",
"value": "G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22312."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:05:16.110Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-559",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-559/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "G DATA Total Security Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-1867",
"datePublished": "2024-11-22T20:05:16.110Z",
"dateReserved": "2024-02-23T19:50:03.843Z",
"dateUpdated": "2024-12-05T19:33:53.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42126 (GCVE-0-2023-42126)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:13 – Updated: 2024-08-02 19:16
VLAI
Title
G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability
Summary
G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the GDBackupSvc service. By creating a symbolic link, an attacker can abuse the service to create a file with a permissive DACL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20694.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| G DATA | Total Security |
Affected:
25.5.14.95
|
|
| gdata-software | total_security |
Affected:
0 , < 25.5.14.95
(custom)
cpe:2.3:a:gdata-software:total_security:*:*:*:*:*:*:*:* |
Date Public
2023-09-29 22:01
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gdata-software:total_security:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "total_security",
"vendor": "gdata-software",
"versions": [
{
"lessThan": "25.5.14.95",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T19:26:04.983685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:33:23.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:50.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1493",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1493/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Total Security",
"vendor": "G DATA",
"versions": [
{
"status": "affected",
"version": "25.5.14.95"
}
]
}
],
"dateAssigned": "2023-09-06T21:25:45.540Z",
"datePublic": "2023-09-29T22:01:25.692Z",
"descriptions": [
{
"lang": "en",
"value": "G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the GDBackupSvc service. By creating a symbolic link, an attacker can abuse the service to create a file with a permissive DACL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20694."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:13:32.063Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1493",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1493/"
}
],
"source": {
"lang": "en",
"value": "Filip Dragovic (@filip_dragovic)"
},
"title": "G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-42126",
"datePublished": "2024-05-03T02:13:32.063Z",
"dateReserved": "2023-09-06T21:14:24.437Z",
"dateUpdated": "2024-08-02T19:16:50.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27347 (GCVE-0-2023-27347)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2024-08-02 12:09
VLAI
Title
G DATA Total Security Link Following Local Privilege Escalation Vulnerability
Summary
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18749.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| G DATA | Total Security |
Affected:
25.5.12.833
|
|
| gdata-software | total_security |
Affected:
0 , < 25.5.12.833
(custom)
cpe:2.3:a:gdata-software:total_security:*:*:*:*:*:*:*:* |
Date Public
2023-04-05 21:43
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gdata-software:total_security:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "total_security",
"vendor": "gdata-software",
"versions": [
{
"lessThan": "25.5.12.833",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:33:36.948711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:33:43.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-379",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-379/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Total Security",
"vendor": "G DATA",
"versions": [
{
"status": "affected",
"version": "25.5.12.833"
}
]
}
],
"dateAssigned": "2023-02-28T18:05:54.019Z",
"datePublic": "2023-04-05T21:43:38.066Z",
"descriptions": [
{
"lang": "en",
"value": "G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18749."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:56:06.556Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-379",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-379/"
}
],
"source": {
"lang": "en",
"value": "Dennis Herrmann (@dhn_)"
},
"title": "G DATA Total Security Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-27347",
"datePublished": "2024-05-03T01:56:06.556Z",
"dateReserved": "2023-02-28T17:58:45.480Z",
"dateUpdated": "2024-08-02T12:09:43.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}