CVE-2024-36497 - Vulnerability Details - OpenCVE

Description

The decrypted configuration file contains the password in cleartext
which is used to configure WINSelect. It can be used to remove the
existing restrictions and disable WINSelect entirely.

Published: 2024-06-24

Score: 9.1 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Faronics

WINSelect (Standard + Enterprise)

affected

Version	Status	Constraints
`8.30.xx.903`	unaffected	—

No data.

No data.

No data available yet.

Remediation

Vendor Solution

The vendor provides a patched version 8.30.xx.903 since May 2024 which can be downloaded from the following URL: https://www.faronics.com/document-library/document/download-winselect-standard The vendor provided the following changelog: https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-36126	The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00141.

Exploitation poc

Automatable yes

Technical Impact total

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Jun/12
https://r.sec-consult.com/winselect
https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes

History

No history.

Subscriptions

Faronics Winselect

MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published: 2024-06-24T09:06:03.500Z

Updated: 2025-02-13T17:52:56.098Z

Reserved: 2024-05-29T06:48:49.689Z

Link: CVE-2024-36497

Vulnrichment

Updated: 2024-08-02T03:37:05.236Z

NVD

Status : Deferred

Published: 2024-06-24T09:15:09.973

Modified: 2026-04-15T00:35:42.020

Link: CVE-2024-36497

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-312

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-36497", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2024-05-29T06:48:49.689Z", "datePublished": "2024-06-24T09:06:03.500Z", "dateUpdated": "2025-02-13T17:52:56.098Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "WINSelect (Standard + Enterprise)", "vendor": "Faronics", "versions": [{"status": "unaffected", "version": "8.30.xx.903", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Daniel Hirschberger | SEC Consult Vulnerability Lab"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p></p><p></p><p></p><p>The decrypted configuration file contains the password in cleartext \nwhich is used to configure WINSelect. It can be used to remove the \nexisting restrictions and disable WINSelect entirely.</p><p></p><p></p><p></p>"}], "value": "The decrypted configuration file contains the password in cleartext \nwhich is used to configure WINSelect. It can be used to remove the \nexisting restrictions and disable WINSelect entirely."}], "impacts": [{"capecId": "CAPEC-578", "descriptions": [{"lang": "en", "value": "CAPEC-578 Disable Security Software"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2024-06-25T06:06:07.376Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://r.sec-consult.com/winselect"}, {"tags": ["release-notes"], "url": "https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes"}, {"url": "http://seclists.org/fulldisclosure/2024/Jun/12"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The vendor provides a patched version 8.30.xx.903 since May 2024 which can be downloaded from the following URL:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.faronics.com/document-library/document/download-winselect-standard\">https://www.faronics.com/document-library/document/download-winselect-standard</a><br>  </p><p>The vendor provided the following changelog:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes\">https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes</a></p><br>"}], "value": "The vendor provides a patched version 8.30.xx.903 since May 2024 which can be downloaded from the following URL:\n https://www.faronics.com/document-library/document/download-winselect-standard \n \u00a0\n\nThe vendor provided the following changelog:\n https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes"}], "source": {"discovery": "UNKNOWN"}, "title": "Unhashed Storage of Password", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "faronics", "product": "winselect", "cpes": ["cpe:2.3:a:faronics:winselect:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "8.30.xx.903", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-24T14:29:57.397820Z", "id": "CVE-2024-36497", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T14:30:01.406Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:05.236Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://r.sec-consult.com/winselect"}, {"tags": ["release-notes", "x_transferred"], "url": "https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes"}, {"url": "http://seclists.org/fulldisclosure/2024/Jun/12", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://r.sec-consult.com/winselect", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes", "tags": ["release-notes", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jun/12", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:05.236Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-36497", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-24T14:29:57.397820Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:faronics:winselect:*:*:*:*:*:*:*:*"], "vendor": "faronics", "product": "winselect", "versions": [{"status": "affected", "version": "0", "lessThan": "8.30.xx.903", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T14:29:49.529Z"}}], "cna": {"title": "Unhashed Storage of Password", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Daniel Hirschberger | SEC Consult Vulnerability Lab"}], "impacts": [{"capecId": "CAPEC-578", "descriptions": [{"lang": "en", "value": "CAPEC-578 Disable Security Software"}]}], "affected": [{"vendor": "Faronics", "product": "WINSelect (Standard + Enterprise)", "versions": [{"status": "unaffected", "version": "8.30.xx.903", "versionType": "custom"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "The vendor provides a patched version 8.30.xx.903 since May 2024 which can be downloaded from the following URL:\n https://www.faronics.com/document-library/document/download-winselect-standard \n \u00a0\n\nThe vendor provided the following changelog:\n https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes", "supportingMedia": [{"type": "text/html", "value": "<p>The vendor provides a patched version 8.30.xx.903 since May 2024 which can be downloaded from the following URL:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.faronics.com/document-library/document/download-winselect-standard\">https://www.faronics.com/document-library/document/download-winselect-standard</a><br>  </p><p>The vendor provided the following changelog:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes\">https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes</a></p><br>", "base64": false}]}], "references": [{"url": "https://r.sec-consult.com/winselect", "tags": ["third-party-advisory"]}, {"url": "https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes", "tags": ["release-notes"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jun/12"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The decrypted configuration file contains the password in cleartext \nwhich is used to configure WINSelect. It can be used to remove the \nexisting restrictions and disable WINSelect entirely.", "supportingMedia": [{"type": "text/html", "value": "<p></p><p></p><p></p><p>The decrypted configuration file contains the password in cleartext \nwhich is used to configure WINSelect. It can be used to remove the \nexisting restrictions and disable WINSelect entirely.</p><p></p><p></p><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2024-06-25T06:06:07.376Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36497", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:52:56.098Z", "dateReserved": "2024-05-29T06:48:49.689Z", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "datePublished": "2024-06-24T09:06:03.500Z", "assignerShortName": "SEC-VLab"}, "dataVersion": "5.1"}