CVE-2024-46466

Published: Nov 15, 2024Modified: Nov 25, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H

Exploitability: 1.4 / Impact: 5.8

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 (ANSSI qualification submission) can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONECENTRAL has to be modified to prevent this vulnerability.

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (1)

https://www.primx.eu/en/bulletins/security-bulletin-24931934/

Source: cve@mitre.org

Timeline

No history available yet.