Search

Find a vulnerability

Search criteria

    5 vulnerabilities by infotecs

    VAR-201305-0315

    Vulnerability from variot - Updated: 2025-04-11 22:59

    Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file. Multiple Infotecs products are prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code context of the SYSTEM user or user with local administrative privileges. The following are affected: ViPNet Client 3.2.10 (15632) and prior ViPNet Coordinator 3.2.10 (15632) and prior ViPNet SafeDisk 4.1 (0.5643) and prior VipNet Personal Firewall 3.1 and prior. CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)

    CVE reference: CVE-2013-3496

    Credit: Maksim Chudakov (@MChudakov) Andrey Kurtasanov(andreykurtasanov@gmail.com)

    Severity: Medium

    Local\Remote: Local

    Vulnerability Class: Privilege Escalation

    Vendor URL: http://www.infotecs.biz/

    Affected OS: Windows

    Vulnerable systems: ViPNet Client 3.2.10 (15632) and prior ViPNet Coordinator 3.2.10 (15632) and prior ViPNet SafeDisk 4.1 (0.5643) and prior VipNet Personal Firewall 3.1 and prior Possibly same issues in other Infotecs products and other versions

    Overview: A local privilege escalation vulnerability exists in the Infotecs products (ViPNet Client, SafeDisk, Personal Firewall and possibly other products), which could be exploited by an attacker to execute commands on the affected machine under the context of the SYSTEM user or user with local administrative privileges.

    Technical Background: The vulnerability exists because Infotecs products installs to folder with insecure permissions. "Everyone" group has "Full Control" rights to the files/folders in the following path: "%Program Files%\Infotecs[product_name]". It means that any unprivileged user can modify, delete or change permissions of any file in data the folder consists of data, executable and configuration files.

    Solution: 1) Request a patch from Vendor or 2) Go to every executable and dll file within a ViPNet folder and change permissions manually

    Disclosure Timeline: 25/03/2013 Initial vendor notification 08/04/2013 Vendor response that patches has been released 20/05/2013 Advisory released

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201305-0315",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vipnet coordinator",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "infotecs",
            "version": "3.2.10"
          },
          {
            "model": "vipnet client",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "infotecs",
            "version": "3.2.10"
          },
          {
            "model": "vipnet safedisk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "infotecs",
            "version": "4.1"
          },
          {
            "model": "vipnet personal firewall",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "infotecs",
            "version": "3.1"
          },
          {
            "model": "vipnet client",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "infotecs",
            "version": "3.2.10 (15632)"
          },
          {
            "model": "vipnet coordinator",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "infotecs",
            "version": "3.2.10 (15632)"
          },
          {
            "model": "vipnet personal firewall",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "infotecs",
            "version": "4.1 (0.5643)"
          },
          {
            "model": "vipnet safedisk",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "infotecs",
            "version": "3.1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002778"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3496"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:infotecs:vipnet_client",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:infotecs:vipnet_coordinator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:infotecs:vipnet_personal_firewall",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:infotecs:vipnet_safedisk",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002778"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Maksim Chudakov and Andrey Kurtasanov",
        "sources": [
          {
            "db": "BID",
            "id": "60050"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201305-451"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-3496",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2013-3496",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-63498",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-3496",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-3496",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201305-451",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-63498",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-63498"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002778"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201305-451"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3496"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file. Multiple Infotecs products are prone to a local privilege-escalation vulnerability. \nA local attacker can exploit this issue to execute arbitrary code  context of the SYSTEM user or user with local administrative privileges. \nThe following are affected:\nViPNet Client 3.2.10 (15632) and prior\nViPNet Coordinator 3.2.10 (15632) and prior\nViPNet SafeDisk 4.1 (0.5643) and prior\nVipNet Personal Firewall 3.1 and prior. CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\\Coordinator, SafeDisk, Personal Firewall)\n \nCVE reference:\nCVE-2013-3496\n\nCredit:\nMaksim Chudakov (@MChudakov)\nAndrey Kurtasanov(andreykurtasanov@gmail.com)\n\nSeverity:\nMedium\n\nLocal\\Remote:\nLocal\n\nVulnerability Class:\nPrivilege Escalation\n\nVendor URL:\nhttp://www.infotecs.biz/\n\nAffected OS:\nWindows\n\nVulnerable systems:\nViPNet Client 3.2.10 (15632) and prior\nViPNet Coordinator 3.2.10 (15632) and prior\nViPNet SafeDisk 4.1 (0.5643) and prior\nVipNet Personal Firewall 3.1 and prior\nPossibly same issues in other Infotecs products and other versions\n\nOverview:\nA local privilege escalation vulnerability exists in the Infotecs products (ViPNet Client, SafeDisk, Personal Firewall and possibly other products), which could be exploited by an attacker to execute commands on the affected machine under the context of the SYSTEM user or user with local administrative privileges. \n\nTechnical Background:\nThe vulnerability exists because Infotecs products installs to folder with insecure permissions. \"Everyone\" group has \"Full Control\" rights to the files/folders in the following path: \"%Program Files%\\Infotecs\\[product_name]\". It means that any unprivileged user can modify, delete or change permissions of any file in data the folder consists of data, executable and configuration files. \n\nSolution:\n1) Request a patch from Vendor or\n2) Go to every executable and dll file within a ViPNet folder and change permissions manually\n\nDisclosure Timeline:\n25/03/2013 Initial vendor notification\n08/04/2013 Vendor response that patches has been released\n20/05/2013 Advisory released\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-3496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002778"
          },
          {
            "db": "BID",
            "id": "60050"
          },
          {
            "db": "VULHUB",
            "id": "VHN-63498"
          },
          {
            "db": "PACKETSTORM",
            "id": "121698"
          }
        ],
        "trust": 2.07
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-63498",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-63498"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-3496",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "60050",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002778",
            "trust": 0.8
          },
          {
            "db": "BUGTRAQ",
            "id": "20130520 CVE-2013-3496. LOCAL PRIVILEGE ESCALATION VULNERABILITY IN INFOTECS PRODUCTS (VIPNET CLIENTCOORDINATOR, SAFEDISK, PERSONAL FIREWALL)",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201305-451",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "121698",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-63498",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-63498"
          },
          {
            "db": "BID",
            "id": "60050"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002778"
          },
          {
            "db": "PACKETSTORM",
            "id": "121698"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201305-451"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3496"
          }
        ]
      },
      "id": "VAR-201305-0315",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-63498"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-11T22:59:11.186000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.infotecs.biz/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002778"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-63498"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002778"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3496"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0072.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3496"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3496"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/60050"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3496"
          },
          {
            "trust": 0.1,
            "url": "http://www.infotecs.biz/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-63498"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002778"
          },
          {
            "db": "PACKETSTORM",
            "id": "121698"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201305-451"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3496"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-63498"
          },
          {
            "db": "BID",
            "id": "60050"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002778"
          },
          {
            "db": "PACKETSTORM",
            "id": "121698"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201305-451"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3496"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-05-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-63498"
          },
          {
            "date": "2013-05-21T00:00:00",
            "db": "BID",
            "id": "60050"
          },
          {
            "date": "2013-05-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-002778"
          },
          {
            "date": "2013-05-21T22:12:31",
            "db": "PACKETSTORM",
            "id": "121698"
          },
          {
            "date": "2013-05-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201305-451"
          },
          {
            "date": "2013-05-22T13:29:56.170000",
            "db": "NVD",
            "id": "CVE-2013-3496"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-05-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-63498"
          },
          {
            "date": "2013-05-21T00:00:00",
            "db": "BID",
            "id": "60050"
          },
          {
            "date": "2013-05-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-002778"
          },
          {
            "date": "2021-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201305-451"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-3496"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "60050"
          },
          {
            "db": "PACKETSTORM",
            "id": "121698"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201305-451"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Infotecs ViPNet Vulnerability gained in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-002778"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201305-451"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2017-9606 (GCVE-0-2017-9606)

    Vulnerability from nvd – Published: 2017-06-15 03:00 – Updated: 2024-08-05 17:11
    VLAI
    Summary
    Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/Houl777/CVE-2017-9606 x_refsource_MISC
    Date Public
    2017-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:11:02.326Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Houl777/CVE-2017-9606"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-15T02:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Houl777/CVE-2017-9606"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-9606",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Houl777/CVE-2017-9606",
                  "refsource": "MISC",
                  "url": "https://github.com/Houl777/CVE-2017-9606"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-9606",
        "datePublished": "2017-06-15T03:00:00.000Z",
        "dateReserved": "2017-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:11:02.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3496 (GCVE-0-2013-3496)

    Vulnerability from nvd – Published: 2013-05-22 10:00 – Updated: 2024-09-17 00:36
    VLAI
    Summary
    Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:14:54.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20130520 CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\\Coordinator, SafeDisk, Personal Firewall)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0072.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-05-22T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20130520 CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\\Coordinator, SafeDisk, Personal Firewall)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0072.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3496",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20130520 CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\\Coordinator, SafeDisk, Personal Firewall)",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0072.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3496",
        "datePublished": "2013-05-22T10:00:00.000Z",
        "dateReserved": "2013-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:11.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9606 (GCVE-0-2017-9606)

    Vulnerability from cvelistv5 – Published: 2017-06-15 03:00 – Updated: 2024-08-05 17:11
    VLAI
    Summary
    Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/Houl777/CVE-2017-9606 x_refsource_MISC
    Date Public
    2017-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:11:02.326Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Houl777/CVE-2017-9606"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-15T02:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Houl777/CVE-2017-9606"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-9606",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Houl777/CVE-2017-9606",
                  "refsource": "MISC",
                  "url": "https://github.com/Houl777/CVE-2017-9606"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-9606",
        "datePublished": "2017-06-15T03:00:00.000Z",
        "dateReserved": "2017-06-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:11:02.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3496 (GCVE-0-2013-3496)

    Vulnerability from cvelistv5 – Published: 2013-05-22 10:00 – Updated: 2024-09-17 00:36
    VLAI
    Summary
    Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:14:54.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20130520 CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\\Coordinator, SafeDisk, Personal Firewall)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0072.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-05-22T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20130520 CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\\Coordinator, SafeDisk, Personal Firewall)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0072.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3496",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20130520 CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\\Coordinator, SafeDisk, Personal Firewall)",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0072.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3496",
        "datePublished": "2013-05-22T10:00:00.000Z",
        "dateReserved": "2013-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:11.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }