Note that this can only exploitable during new installations while the installer is running and is not exploitable once installation is finished. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41371. Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38631. Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. A successful exploit could allow the attacker to gain unauthorized access to the affected device. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. This vulnerability exists because session credentials do not properly expire. A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |