Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Certificate Validation in CleverControl Installer Allows Remote Code Execution
Vulnerability Description
The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a man-in-the-middle attacker to deliver malicious files that are executed with SYSTEM privileges. This can lead to full remote code execution with administrative rights. No patch is available as the vendor has been unresponsive. It is assumed that previous versions are also affected, but this is not confirmed.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
CleverControl 安全漏洞
Vulnerability Description
CleverControl是美国CleverControl公司的一款员工电脑监控软件。 CleverControl 11.5.1041.6版本存在安全漏洞,该漏洞源于安装过程中未验证TLS服务器证书,可能导致中间人攻击和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A