Vulnerabilities > CVE-2018-13013 - Improper Check for Unusual or Exceptional Conditions vulnerability in Safensoft Enterprise Suite, Syswatch and Tpsecure

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

safensoft

CWE-754

NVD

Published: 2018-06-29

Updated: 2019-10-03

Summary

Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection mechanism and install/execute an unauthorized program by modifying the system configuration and installing a forged MSI file. (The intended behavior is that the component SysWatch does not allow installation of MSI files unless they are signed by a limited list of certificates.)

Vulnerable Configurations

Part	Description	Count
Application	Safensoft Safensoft Syswatch 4.4.2 Safensoft Tpsecure 4.4.2 Safensoft Enterprise Suite 4.4.2	3

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

http://www.safensoft.com/security.phtml?c=865#SNSVE-2018-3