← Zuruck zu CVEs
CVE-2021-41065
HIGH7.3
Beschreibung
An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds).
CVE Details
CVSS v3.1 Bewertung7.3
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht12/14/2021
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
bopsoft:listary
Schwachen (CWE)
CWE-668
Referenzen
https://medium.com/%40tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e(cve@mitre.org)
https://www.listary.com/download(cve@mitre.org)
https://medium.com/%40tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e(af854a3a-2127-422b-91ae-364da2661108)
https://www.listary.com/download(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.