CVE-2024-4229

Summary

Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify.

Affected Software

VendorProductVersion RangeStatus
Edgecross ConsortiumEdgecross Basic Software for Windowsversions 1.00 and lateraffected
Edgecross ConsortiumEdgecross Basic Software for Developersversions 1.00 and lateraffected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References