CVE-2024-42052

EPSS 0.03%
Veröffentlicht 28.07.2024 03:15:02
Zuletzt bearbeitet 20.03.2025 19:15:30
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Splashtop ≫ Streamer SwEdition- SwPlatformwindows Version < 3.5.8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.091

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve@mitre.org	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-378 Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/1.md

Third Party Advisory

https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/15813655496603-Splashtop-Streamer-version-v3-5-8-0-for-Windows-released

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2024-42052

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-42052

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-42052

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-42052