Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sennheiser HeadSetup 安全漏洞
Vulnerability Description
Sennheiser HeadSetup是德国森海塞尔(Sennheiser)公司的一款用于管理和配置Sennheiser音频设备的应用程序。 Sennheiser HeadSetup 7.3.4903版本中存在安全漏洞,该漏洞源于程序将Certification Authority证书存放在本地系统的Trusted Root CA存储列表并将私钥发布到SennComCCKey.pem文件中。远程攻击者可利用该漏洞发送可信签名的软件或冒充软件发布商。
CVSS Information
N/A
Vulnerability Type
N/A