CVE-2024-36495

Summary

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file:

C:\ProgramData\WINSelect\WINSelect.wsd

The path for the affected WINSelect Enterprise configuration file is:

C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd

Affected Software

VendorProductVersion RangeStatus
FaronicsWINSelect (Standard + Enterprise)8.30.xx.903unaffected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References