ID CVE-2003-1169
Summary DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.
References
Vulnerable Configurations
  • cpe:2.3:a:datev:nutzungskontrolle:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:datev:nutzungskontrolle:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:datev:nutzungskontrolle:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:datev:nutzungskontrolle:2.2:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 8950
fulldisc 20031101 DATEV Nutzungskontrolle Bypassing (REG)
xf nutzungskontrolle-registry-security-bypass(13589)
Last major update 11-07-2017 - 01:29
Published 31-12-2003 - 05:00
Last modified 11-07-2017 - 01:29
Back to Top