CVE-2024-36497

Summary

The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.

Affected Software

VendorProductVersion RangeStatus
FaronicsWINSelect (Standard + Enterprise)8.30.xx.903unaffected

Weaknesses

  • CWE-312: CWE-312 Cleartext Storage of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References