Vulnerabilities > CVE-2015-2667 - Search Path Local Privilege Escalation vulnerability in Gns3 1.2.3

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

gns3

NVD

Published: 2015-05-18

Updated: 2016-12-03

Summary

Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory. <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>

Vulnerable Configurations

Part	Description	Count
Application	Gns3 Gns3 Gns3 1.2.3	1

Packetstorm

data source	https://packetstormsecurity.com/files/download/131731/gns3-dllhijack.txt
id	PACKETSTORM:131731
last seen	2016-12-05
published	2015-05-02
reporter	Osanda Malith
source	https://packetstormsecurity.com/files/131731/GNS3-1.2.3-DLL-Hijacking.html
title	GNS3 1.2.3 DLL Hijacking

References

http://packetstormsecurity.com/files/131731/GNS3-1.2.3-DLL-Hijacking.html
http://www.securityfocus.com/bid/74710