Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Absolute Software CTES Windows Agent 安全漏洞
Vulnerability Description
Absolute Software CTES Windows Agent是一款基于Windows平台的用于监控计算机系统的代理程序。 Absolute Software CTES Windows Agent 1.0.0.1479及之前版本中存在安全漏洞,该漏洞源于%ProgramData%CTES文件夹及其子文件夹未明确限制对系统或管理员用户账户的访问。攻击者可利用该漏洞未授权更换服务程序可执行文件或DLL文件,进而以提升的系统用户权限未授权访问代码,或修改该文件夹下的配置控制文件或数据文件,进而影响服务
CVSS Information
N/A
Vulnerability Type
N/A