Vulnerabilities > CVE-2018-13013 - Improper Check for Unusual or Exceptional Conditions vulnerability in Safensoft Enterprise Suite, Syswatch and Tpsecure

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

safensoft

CWE-754

NVD

Published: 2018-06-29

Updated: 2019-10-03

Summary

Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection mechanism and install/execute an unauthorized program by modifying the system configuration and installing a forged MSI file. (The intended behavior is that the component SysWatch does not allow installation of MSI files unless they are signed by a limited list of certificates.)

Vulnerable Configurations

Part	Description	Count
Application	Safensoft Safensoft Enterprise Suite * Safensoft Syswatch * Safensoft Tpsecure *	3

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

References

http://www.safensoft.com/security.phtml?c=865#SNSVE-2018-3