CVE-2022-38176

An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
ysoftsafeq
6.0
ysoftsafeq
6.0:build32
ysoftsafeq
6.0:build33
ysoftsafeq
6.0:build34
ysoftsafeq
6.0:build35
ysoftsafeq
6.0:build36
ysoftsafeq
6.0:build37
ysoftsafeq
6.0:build38
ysoftsafeq
6.0:build39
ysoftsafeq
6.0:build40
ysoftsafeq
6.0:build41
ysoftsafeq
6.0:build42
ysoftsafeq
6.0:build43
ysoftsafeq
6.0:build44
ysoftsafeq
6.0:build45
ysoftsafeq
6.0:build46
ysoftsafeq
6.0:build47
ysoftsafeq
6.0:build48
ysoftsafeq
6.0:build49
ysoftsafeq
6.0:build50
ysoftsafeq
6.0:build51
ysoftsafeq
6.0:build52
ysoftsafeq
6.0:build53
ysoftsafeq
6.0:build54
ysoftsafeq
6.0:build55
ysoftsafeq
6.0:build56
ysoftsafeq
6.0:build57
ysoftsafeq
6.0:build58
ysoftsafeq
6.0:build59
ysoftsafeq
6.0:build60
ysoftsafeq
6.0:build61
ysoftsafeq
6.0:build62
ysoftsafeq
6.0:build63
ysoftsafeq
6.0:build64
ysoftsafeq
6.0:build65
ysoftsafeq
6.0:build66
ysoftsafeq
6.0:build67
ysoftsafeq
6.0:build68
ysoftsafeq
6.0:build69
ysoftsafeq
6.0:build70
ysoftsafeq
6.0:build71
𝑥
= Vulnerable software versions
References
https://www.ysoft.com/en/legal/ysoft-safeq-client-v3-local-privilege-escalation
https://ysoft.com
https://www.ysoft.com/en/legal/ysoft-safeq-client-v3-local-privilege-escalation
https://ysoft.com