CVE-2024-36497

critical

Description

The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.

References

https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes

https://r.sec-consult.com/winselect

http://seclists.org/fulldisclosure/2024/Jun/12

Details

Source: Mitre, NVD

Published: 2024-06-24

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.0009

Detections

Analytics