GHSA-vx2x-9cff-fhjw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vx2x-9cff-fhjw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-vx2x-9cff-fhjw/GHSA-vx2x-9cff-fhjw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vx2x-9cff-fhjw
- Published
- 2022-12-06T21:13:49Z
- Modified
- 2024-12-03T06:08:14.546218Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- DSInternals Credential Roaming Elevation of Privilege Vulnerability
- Details
-
Impact
A vulnerability exists in the
DSInternals.Common.Data.RoamedCredential.Save()method, which incorrectly parses themsPKIAccountCredentialsLDAP attribute values. As a consequence, a malicious actor would be able to modify the file system of the computer where an application using this function is executed with administrative privileges.A similar security issue used to be present in the Windows operating system, as DSInternals re-implements the Credential Roaming feature of Windows.
Exploitability
The vulnerability can be exploited under the following circumstances: - An attacker is able to modify the
msPKIAccountCredentialsattribute of a user account in Active Directory. This attribute is used by the Credential Roaming feature of Windows and each AD user can modify their own roamed credentials. AND - A 3rd party application uses theDSInternals.Commonlibrary to export roamed credentials from Active Directory to a file system. AND - The application has administrative privileges on the local system.The probability of any 3rd-party product using the
DSInternals.Commonlibrary being affected by this vulnerability is extremely low.Patches
The issue had been fixed in DSInternals 4.8.
References
https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-12-06T21:13:49Z" }- References
Affected packages
NuGet / DSInternals.Common
Package
- Name
- DSInternals.Common
- View open source insights on deps.dev
- Purl
- pkg:nuget/DSInternals.Common