MidnightBSD

Advisories for infotecs

CVE-2013-3496 HIGH

Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
infotecs vipnet_client *
infotecs vipnet_coordinator *
infotecs vipnet_safedisk *
infotecs vipnet_personal_firewall *
CVE-2017-9606 MEDIUM

Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,CWE-354,CWE-732,

Products Affected

Vendor Product Version
infotecs vipnet_client *
infotecs vipnet_coordinator *