CVE-2013-5701

Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://seclists.org/fulldisclosure/2013/Sep/43	Exploit
http://www.securitytracker.com/id/1028992	Exploit
https://www.rcesecurity.com/2013/09/cve-2013-5701-watchguard-server-center-v11-7-4-wgpr-dll-local-privileges-escalation-vulnerability	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:watchguard:server_center::::::::
	cpe:2.3:a:watchguard:server_center:11.7.3:::::::*

History

No history.

Information

Published : 2013-10-03 20:55

Updated : 2024-02-28 12:00

NVD link : CVE-2013-5701

Mitre link : CVE-2013-5701

CVE.ORG link : CVE-2013-5701

JSON object : View

Products Affected

watchguard

server_center

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-5701", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-03T20:55:04.107", "references": [{"url": "http://seclists.org/fulldisclosure/2013/Sep/43", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1028992", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://www.rcesecurity.com/2013/09/cve-2013-5701-watchguard-server-center-v11-7-4-wgpr-dll-local-privileges-escalation-vulnerability", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ruta de b\u00fasqueda no confiable en (1) Watchguard Log Collector (wlcollector.exe) y (2) Watchguard WebBlocker Server (wbserver.exe) en WatchGuard Server Center 11.7.4, 11.7.3, y posiblemente anteriores versiones permiten a usuarios locales obtener privilegios a trav\u00e9s de un caballo de troya en el archivo wgpr.dll en el directorio bin de la aplicaci\u00f3n."}], "lastModified": "2013-10-07T15:30:03.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:watchguard:server_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81F2DFE5-A59F-4E7E-9ECD-790082748033", "versionEndIncluding": "11.7.4"}, {"criteria": "cpe:2.3:a:watchguard:server_center:11.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55B9CA2D-E4F8-463A-B07E-09BA36E5A06F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}