CVE-2022-26239

The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://pastebin.com/1QEHrj01	Third Party Advisory
https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance	Product
https://pastebin.com/1QEHrj01	Third Party Advisory
https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:beckmancoulter:remisol_advance:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:53

Type	Values Removed	Values Added
References	~~() https://pastebin.com/1QEHrj01 - Third Party Advisory~~	() https://pastebin.com/1QEHrj01 - Third Party Advisory
References	~~() https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance - Product~~	() https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance - Product

Information

Published : 2022-10-06 18:15

Updated : 2024-11-21 06:53

NVD link : CVE-2022-26239

Mitre link : CVE-2022-26239

CVE.ORG link : CVE-2022-26239

JSON object : View

Products Affected

beckmancoulter

remisol_advance

microsoft

windows

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2022-26239", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-10-06T18:15:56.337", "references": [{"url": "https://pastebin.com/1QEHrj01", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://pastebin.com/1QEHrj01", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.beckmancoulter.com/products/clinical-information-management-tools/remisol-advance", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data."}, {"lang": "es", "value": "Los privilegios por defecto para el servicio en ejecuci\u00f3n Normand License Manager en Beckman Coulter Remisol Advance versiones v2.0.12.1 y anteriores, permite a usuarios no privilegiados sobrescribir y manipular ejecutables y bibliotecas. Esto permite a atacantes acceder a datos confidenciales"}], "lastModified": "2024-11-21T06:53:37.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:beckmancoulter:remisol_advance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D41AA48E-8624-46FB-B13B-33AA63D2E8B0", "versionEndIncluding": "2.0.12.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}