ID CVE-2017-7180
Summary Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.
References
Vulnerable Configurations
  • cpe:2.3:a:eduiq:net_monitor_for_employees:2.8.4:*:*:*:professional:*:*:*
  • cpe:2.3:a:eduiq:net_monitor_for_employees:2.8.5:*:*:*:professional:*:*:*
  • cpe:2.3:a:eduiq:net_monitor_for_employees:2.8.6:*:*:*:professional:*:*:*
  • cpe:2.3:a:eduiq:net_monitor_for_employees:2.9.1:*:*:*:professional:*:*:*
  • cpe:2.3:a:eduiq:net_monitor_for_employees:3.2.1:*:*:*:professional:*:*:*
  • cpe:2.3:a:eduiq:net_monitor_for_employees:3.3.3:*:*:*:professional:*:*:*
  • cpe:2.3:a:eduiq:net_monitor_for_employees:3.6.6:*:*:*:professional:*:*:*
  • cpe:2.3:a:eduiq:net_monitor_for_employees:4.9.32:*:*:*:professional:*:*:*
  • cpe:2.3:a:eduiq:net_monitor_for_employees:5.1.16:*:*:*:professional:*:*:*
  • cpe:2.3:a:eduiq:net_monitor_for_employees:5.3.4:*:*:*:professional:*:*:*
CVSS
Base: 6.9 (as of 25-05-2021 - 21:14)
Impact:
Exploitability:
CWE CWE-428
CAPEC
Access
Vector: LOCAL
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
refmap via4
exploit-db 42141
Last major update 25-05-2021 - 21:14
Published 08-06-2017 - 12:29
Last modified 25-05-2021 - 21:14