Vulnerability Description
The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.
CVSS Score
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2024/Jun/12
- https://r.sec-consult.com/winselect
- https://www.faronics.com/en-uk/document-library/document/winselect-standard-rele
- http://seclists.org/fulldisclosure/2024/Jun/12
- https://r.sec-consult.com/winselect
- https://www.faronics.com/en-uk/document-library/document/winselect-standard-rele
FAQ
What is CVE-2024-36497?
CVE-2024-36497 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.
How severe is CVE-2024-36497?
CVE-2024-36497 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-36497?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.