VAR-201305-0315
Vulnerability from variot - Updated: 2025-04-11 22:59Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file. Multiple Infotecs products are prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code context of the SYSTEM user or user with local administrative privileges. The following are affected: ViPNet Client 3.2.10 (15632) and prior ViPNet Coordinator 3.2.10 (15632) and prior ViPNet SafeDisk 4.1 (0.5643) and prior VipNet Personal Firewall 3.1 and prior. CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)
CVE reference: CVE-2013-3496
Credit: Maksim Chudakov (@MChudakov) Andrey Kurtasanov(andreykurtasanov@gmail.com)
Severity: Medium
Local\Remote: Local
Vulnerability Class: Privilege Escalation
Vendor URL: http://www.infotecs.biz/
Affected OS: Windows
Vulnerable systems: ViPNet Client 3.2.10 (15632) and prior ViPNet Coordinator 3.2.10 (15632) and prior ViPNet SafeDisk 4.1 (0.5643) and prior VipNet Personal Firewall 3.1 and prior Possibly same issues in other Infotecs products and other versions
Overview: A local privilege escalation vulnerability exists in the Infotecs products (ViPNet Client, SafeDisk, Personal Firewall and possibly other products), which could be exploited by an attacker to execute commands on the affected machine under the context of the SYSTEM user or user with local administrative privileges.
Technical Background: The vulnerability exists because Infotecs products installs to folder with insecure permissions. "Everyone" group has "Full Control" rights to the files/folders in the following path: "%Program Files%\Infotecs[product_name]". It means that any unprivileged user can modify, delete or change permissions of any file in data the folder consists of data, executable and configuration files.
Solution: 1) Request a patch from Vendor or 2) Go to every executable and dll file within a ViPNet folder and change permissions manually
Disclosure Timeline: 25/03/2013 Initial vendor notification 08/04/2013 Vendor response that patches has been released 20/05/2013 Advisory released
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201305-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vipnet coordinator",
"scope": "lte",
"trust": 1.0,
"vendor": "infotecs",
"version": "3.2.10"
},
{
"model": "vipnet client",
"scope": "lte",
"trust": 1.0,
"vendor": "infotecs",
"version": "3.2.10"
},
{
"model": "vipnet safedisk",
"scope": "lte",
"trust": 1.0,
"vendor": "infotecs",
"version": "4.1"
},
{
"model": "vipnet personal firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "infotecs",
"version": "3.1"
},
{
"model": "vipnet client",
"scope": "lte",
"trust": 0.8,
"vendor": "infotecs",
"version": "3.2.10 (15632)"
},
{
"model": "vipnet coordinator",
"scope": "lte",
"trust": 0.8,
"vendor": "infotecs",
"version": "3.2.10 (15632)"
},
{
"model": "vipnet personal firewall",
"scope": "lte",
"trust": 0.8,
"vendor": "infotecs",
"version": "4.1 (0.5643)"
},
{
"model": "vipnet safedisk",
"scope": "lte",
"trust": 0.8,
"vendor": "infotecs",
"version": "3.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002778"
},
{
"db": "NVD",
"id": "CVE-2013-3496"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:infotecs:vipnet_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:infotecs:vipnet_coordinator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:infotecs:vipnet_personal_firewall",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:infotecs:vipnet_safedisk",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002778"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maksim Chudakov and Andrey Kurtasanov",
"sources": [
{
"db": "BID",
"id": "60050"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-451"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3496",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2013-3496",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-63498",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3496",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3496",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201305-451",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63498",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63498"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002778"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-451"
},
{
"db": "NVD",
"id": "CVE-2013-3496"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file. Multiple Infotecs products are prone to a local privilege-escalation vulnerability. \nA local attacker can exploit this issue to execute arbitrary code context of the SYSTEM user or user with local administrative privileges. \nThe following are affected:\nViPNet Client 3.2.10 (15632) and prior\nViPNet Coordinator 3.2.10 (15632) and prior\nViPNet SafeDisk 4.1 (0.5643) and prior\nVipNet Personal Firewall 3.1 and prior. CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\\Coordinator, SafeDisk, Personal Firewall)\n \nCVE reference:\nCVE-2013-3496\n\nCredit:\nMaksim Chudakov (@MChudakov)\nAndrey Kurtasanov(andreykurtasanov@gmail.com)\n\nSeverity:\nMedium\n\nLocal\\Remote:\nLocal\n\nVulnerability Class:\nPrivilege Escalation\n\nVendor URL:\nhttp://www.infotecs.biz/\n\nAffected OS:\nWindows\n\nVulnerable systems:\nViPNet Client 3.2.10 (15632) and prior\nViPNet Coordinator 3.2.10 (15632) and prior\nViPNet SafeDisk 4.1 (0.5643) and prior\nVipNet Personal Firewall 3.1 and prior\nPossibly same issues in other Infotecs products and other versions\n\nOverview:\nA local privilege escalation vulnerability exists in the Infotecs products (ViPNet Client, SafeDisk, Personal Firewall and possibly other products), which could be exploited by an attacker to execute commands on the affected machine under the context of the SYSTEM user or user with local administrative privileges. \n\nTechnical Background:\nThe vulnerability exists because Infotecs products installs to folder with insecure permissions. \"Everyone\" group has \"Full Control\" rights to the files/folders in the following path: \"%Program Files%\\Infotecs\\[product_name]\". It means that any unprivileged user can modify, delete or change permissions of any file in data the folder consists of data, executable and configuration files. \n\nSolution:\n1) Request a patch from Vendor or\n2) Go to every executable and dll file within a ViPNet folder and change permissions manually\n\nDisclosure Timeline:\n25/03/2013 Initial vendor notification\n08/04/2013 Vendor response that patches has been released\n20/05/2013 Advisory released\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3496"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002778"
},
{
"db": "BID",
"id": "60050"
},
{
"db": "VULHUB",
"id": "VHN-63498"
},
{
"db": "PACKETSTORM",
"id": "121698"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-63498",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63498"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3496",
"trust": 2.9
},
{
"db": "BID",
"id": "60050",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002778",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20130520 CVE-2013-3496. LOCAL PRIVILEGE ESCALATION VULNERABILITY IN INFOTECS PRODUCTS (VIPNET CLIENTCOORDINATOR, SAFEDISK, PERSONAL FIREWALL)",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201305-451",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "121698",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-63498",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63498"
},
{
"db": "BID",
"id": "60050"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002778"
},
{
"db": "PACKETSTORM",
"id": "121698"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-451"
},
{
"db": "NVD",
"id": "CVE-2013-3496"
}
]
},
"id": "VAR-201305-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63498"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:59:11.186000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.infotecs.biz/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002778"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63498"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002778"
},
{
"db": "NVD",
"id": "CVE-2013-3496"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0072.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3496"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3496"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3496"
},
{
"trust": 0.1,
"url": "http://www.infotecs.biz/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63498"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002778"
},
{
"db": "PACKETSTORM",
"id": "121698"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-451"
},
{
"db": "NVD",
"id": "CVE-2013-3496"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63498"
},
{
"db": "BID",
"id": "60050"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002778"
},
{
"db": "PACKETSTORM",
"id": "121698"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-451"
},
{
"db": "NVD",
"id": "CVE-2013-3496"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-63498"
},
{
"date": "2013-05-21T00:00:00",
"db": "BID",
"id": "60050"
},
{
"date": "2013-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002778"
},
{
"date": "2013-05-21T22:12:31",
"db": "PACKETSTORM",
"id": "121698"
},
{
"date": "2013-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-451"
},
{
"date": "2013-05-22T13:29:56.170000",
"db": "NVD",
"id": "CVE-2013-3496"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-63498"
},
{
"date": "2013-05-21T00:00:00",
"db": "BID",
"id": "60050"
},
{
"date": "2013-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002778"
},
{
"date": "2021-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-451"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-3496"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "60050"
},
{
"db": "PACKETSTORM",
"id": "121698"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-451"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Infotecs ViPNet Vulnerability gained in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002778"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-451"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.