mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
146 lines
8.4 KiB
JSON
146 lines
8.4 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-29210",
|
|
"ASSIGNER": "support@hackerone.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an arbitrary server, which can then be exploited in conjunction with CVE-2024-29209 to execute arbitrary code with elevated privileges.\n\nThe issue stems from improper permission settings on the application's configuration file, which is stored in a common directory accessible to all users. This file includes critical parameters, such as the update server URL. By default, the application does not enforce adequate access controls on this file, allowing non-privileged users to modify it without administrative consent.\n\nAn attacker with regular user access can alter the update server URL specified in the configuration file to point to a malicious server. When the application performs its next update check, it will contact the attacker-controlled server. If the system is also vulnerable to CVE-2024-29209, the attacker can deliver a malicious update package that, when executed, grants them elevated privileges.\n\nImpact:\nThis vulnerability can lead to a regular user executing code with administrative privileges. This can result in unauthorized access to sensitive data, installation of additional malware, and a full takeover of the affected system.\n\nAffected Products:\nPhish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11\nSecond Chance Client versions 2.0.0-2.0.9\nPIQ Client versions 1.0.0-1.0.15\n\nRemediation:\nKnowBe4 has released a patch that corrects the permission settings on the configuration file to prevent unauthorized modifications. Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4.\n\nWorkarounds:\nManually set the correct permissions on the configuration file to restrict write access to administrators only.\n\nCredits:\nThis vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor.\n"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "KnowBe4",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Phish Alert Button (PAB) for Outlook",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "1.10.12",
|
|
"version_value": "1.10.12"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Phish Alert Button (PAB) f",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "1.10.0",
|
|
"status": "unaffected",
|
|
"lessThan": "1.10.0",
|
|
"versionType": "semver"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Second Chance Client",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "2.0.10",
|
|
"status": "affected",
|
|
"lessThan": "2.0.10",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "2.0.0",
|
|
"status": "unaffected",
|
|
"lessThan": "2.0.0",
|
|
"versionType": "semver"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "PasswordIQ (PIQ) Client",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "1.0.16",
|
|
"status": "affected",
|
|
"lessThan": "1.0.16",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "1.0.0",
|
|
"status": "unaffected",
|
|
"lessThan": "1.0.0",
|
|
"versionType": "semver"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://support.knowbe4.com/hc/en-us/articles/28959854203923-CVE-2024-29210",
|
|
"refsource": "MISC",
|
|
"name": "https://support.knowbe4.com/hc/en-us/articles/28959854203923-CVE-2024-29210"
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
|
|
"baseScore": 2.8,
|
|
"baseSeverity": "LOW"
|
|
}
|
|
]
|
|
}
|
|
} |