Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unquoted service path vulnerability on Veyon
Vulnerability Description
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
未经引用的搜索路径或元素
Vulnerability Title
Veyon Service 代码问题漏洞
Vulnerability Description
Veyon Service是个人开发者的一款用于Windows和Linux的计算机监控和教室管理软件。该软件可使教师可以查看和控制计算机实验室并与学生互动。 Veyon Service 4.4.2之前版本存在安全漏洞,该漏洞源于一个未引用的服务路径漏洞,攻击者可利用该漏洞使用LocalSystem特权运行恶意的可执行文件。
CVSS Information
N/A
Vulnerability Type
N/A