{"vulnerability": "cve-2022-4149", "sightings": [{"uuid": "7208f801-039c-4daa-b4e5-74bbebc0999b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4149", "type": "seen", "source": "https://t.me/cibsecurity/65256", "content": "\u203c CVE-2022-4149 \u203c\n\nThe Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\\SYSTEM which writes log files to a writable directory (C:\\Users\\Public\\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder and recreates, creating a race condition, which can be exploited by a malicious local user to create the file and set ACL permissions on the file. Once the file is created by a malicious user with proper ACL permissions, all files within C:\\Users\\Public\\netSkope\\ becomes modifiable by the unprivileged user. By using Windows pseudo-symlink, these files can be pointed to other places in the system and thus malicious users will be able to elevate privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-18T12:25:43.000000Z"}, {"uuid": "7cf96202-ae51-49be-b502-234a658fa2cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41498", "type": "seen", "source": "https://t.me/cibsecurity/51586", "content": "\u203c CVE-2022-41498 \u203c\n\nBilling System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T18:13:11.000000Z"}]}