
CVE-2024-0197

Published: 27/02/2024 Updated: 27/02/2024

Vulnerability Summary

A flaw in the installer for Thales SafeNet Sentinel HASP LDK before 9.16 on Windows allows a malicious user to escalate their privilege level via local access.

Github Repositories

Proof of concept for Local Privilege Escalation in Thales Sentinel HASP LDK.

CVE-2024-0197-POC

Proof of concept for Local Privilege Escalation in Thales Sentinel HASP LDK. I initially wanted to develop one, but eventually that turned out to be unnecessary. There is no race condition to win, and a simple DLL search order hijacking from a known location suffices to attain SYSTEM. We simply: compile raw.cpp as fltlib.dll and put it into AppData\Local\Temp