U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Win-911
  • Search Type: Search All
  • CPE Name Search: false
There are 4 matching records.
Displaying matches 1 through 4.
Vuln ID Summary CVSS Severity
CVE-2022-23922

WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed.

Published: February 24, 2022; 2:15:10 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2022-23104

WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program.

Published: February 24, 2022; 2:15:10 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2020-13540

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.

Published: January 05, 2021; 11:15:14 AM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-13539

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.

Published: January 05, 2021; 11:15:14 AM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM