CVE-2017-2242

{"id": "CVE-2017-2242", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-08-29T01:35:13.547", "references": [{"url": "http://flets-w.com/topics/setsuzoku_tool_vulnerability/", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN22272314/index.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "vultures@jpcert.or.jp"}, {"url": "http://flets-w.com/topics/setsuzoku_tool_vulnerability/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jvn.jp/en/jp/JVN22272314/index.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."}, {"lang": "es", "value": "Una vulnerabilidad de tipo ruta de b\u00fasqueda no confiable en Flets Setsuzoku Tool para Windows en todas sus versiones permite que un atacante consiga privilegios utilizando un archivo DLL troyano en un directorio no especificado."}], "lastModified": "2024-11-21T03:23:08.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ntt:flets_setsuzoku_tool:-:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "77BF9687-BA33-4AAA-A1E2-003EEE17E1B5"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}