CVE-2013-5701

Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.rcesecurity.com/2013/09/cve-2013-5701-watchguard-server-center-v11-7-4-wgpr-dll-local-privileges-escalation-vulnerability	Exploit
http://www.securitytracker.com/id/1028992	Exploit
http://seclists.org/fulldisclosure/2013/Sep/43	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:watchguard:server_center:11.7.3:::::::*
	cpe:2.3:a:watchguard:server_center::::::::

Information

Published : 2013-10-03 13:55

Updated : 2013-10-07 08:30

NVD link : CVE-2013-5701

Mitre link : CVE-2013-5701

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

watchguard

server_center

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.rcesecurity.com/2013/09/cve-2013-5701-watchguard-server-center-v11-7-4-wgpr-dll-local-privileges-escalation-vulnerability", "name": "https://www.rcesecurity.com/2013/09/cve-2013-5701-watchguard-server-center-v11-7-4-wgpr-dll-local-privileges-escalation-vulnerability", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securitytracker.com/id/1028992", "name": "1028992", "tags": ["Exploit"], "refsource": "SECTRACK"}, {"url": "http://seclists.org/fulldisclosure/2013/Sep/43", "name": "20130908 [CVE-2013-5701] Watchguard Server Center v11.7.4 wgpr.dll Insecure Library Loading Local Privilege Escalation Vulnerability", "tags": ["Exploit"], "refsource": "FULLDISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-5701", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-10-03T20:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:watchguard:server_center:11.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:watchguard:server_center:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.7.4"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-10-07T15:30Z"}

7.2 /10