Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Duo Authentication for Windows Logon and RDP Privilege Escalation Vulnerability
Vulnerability Description
The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. Note that this can only exploitable during new installations while the installer is running and is not exploitable once installation is finished. Versions 4.1.2 of Windows Logon addresses this issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
不充分权限或特权的处理不恰当
Vulnerability Title
Microsoft Windows 安全漏洞
Vulnerability Description
Microsoft Windows是美国微软(Microsoft)公司的一种桌面操作系统。 Duo Authentication Windows Logon 和 RDP implementation存在安全漏洞,该漏洞源于在实现的双重身份验证中存在特权升级漏洞。本地攻击者可利用该漏洞覆盖特权目录中的文件。
CVSS Information
N/A
Vulnerability Type
N/A