|
| |
| Unisys ID: |
UIS-2021-4 |
| Status: |
Published |
| CVE-ID: |
CVE-2021-35056 |
| Affected Product: |
Stealth(core) |
| Affected Version: |
5.1.x. 6.0.x |
| Impact: |
MEDIUM |
| CVSS v3.1 Base Score: |
6.0 |
| CVSS v3.1 Vector: |
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
v3 Calculator |
| CVSS v2.0 Base Score: |
6.2 |
| CVSS v2.0 Vector: |
(AV:L/AC:L/Au:S/C:N/I:C/A:C)
v2 Calculator |
| CVSS Temporal Score: |
4.9 |
| Common Weakness Enumeration (CWE):  |
CWE-428 |
| Common Platform Enumeration (CPE):  |
|
| Source: |
External Reported |
| Keyword(s): |
|
| Vulnerability Description: |
| The Unisys Stealth installation of Windows endpoint software packages creates a scheduled task in the Windows Task Scheduler that contains an executable. This installation routine introduces a risk for an unintended executable to be run instead of the intended Unisys Stealth executable that is associated with the scheduled task.
|
| System Configuration: |
Vulnerability present in any Stealth 5.1 Windows Endpoint below level 5.1.025.0, or Stealth 6.0 Windows Endpoint below level 6.0.055.0 Stealth versions 5.0, 4.x and 3.x are NOT effected. |
| Impact of Exploiting Vulnerability: |
| An attacker could potentially replace the intended executable with one which could interfere with normal endpoint operations. |
| Remediation Description: |
Vulnerability removed in these levels and higher:
Stealth hotfix-5.1.025.0-windows-endpoint.zip
Stealth hotfix-core-6.0.055.0-windows-endpoint.zip |
| Workaround Information: |
|
| References: |
Unisys PLE 19310141
Vulnerability discovered by Jeff McCain.
|
| Additional Vendor Comment: |
|