You have not given any consents yet.
ENG

Language

YSOFT SAFEQ CLIENT V3 LOCAL PRIVILEGE ESCALATION VULNERABILITY 

 

CVE-2022-38176

 
 

Assigning CNA: Mitre 

 

CVSS:3.1: 7.7

 

MITRE CVE-2022-38176

 

Initial Reporter: Temuujin Darkhantsetseg, GoSecure
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31859 


Affected Versions: All YSoft SAFEQ 6 Client V3 versions up to 6.0.71
 

Base Score Metrics 

 
 

Attack Vector: Local 

 

Attack Complexity: Low 

 

Privileges Required: Low 

 

User Interaction: Required 

 

Scope: Changed 

 

Impact Metrics: 

 

Confidentiality: High 

 

Integrity: High 

 

Availability: High 

 

Temporal Score Metrics 

 
 

Exploit Code Maturity: Proof of concept code 

 

Remediation Level: Workaround available

 

Report Confidence: Confirmed 

 

Executive Summary 

 

An privilege escalation vulnerability exists in some installations of the YSoft SAFEQ Client V3. Y Soft is working to release an official fix; a workaround script is currently available. Customers with software support can contact Y Soft to receive an automated script to implement the workaround. 

US