[Bugs] [Bug 13301] New: [CVE 21] proximity 0.0.1 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13301

          Platform: 2021.1
            Bug ID: 13301
           Summary: [CVE 21] proximity 0.0.1  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2021-1240,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package proximity version 0.0.1

INFO (CVEs are): proximity 0.0.1
 cves found
CVE-2021-1240
Desc: A vulnerability in the loading process of specific DLLs in Cisco
Proximity Desktop for Windows could allow an authenticated, local attacker to
load a malicious library. To exploit this vulnerability, the attacker must have
valid credentials on the Windows system. This vulnerability is due to incorrect
handling of directory paths at run time. An attacker could exploit this
vulnerability by placing a malicious DLL file in a specific location on the
targeted system. This file will execute when the vulnerable application
launches. A successful exploit could allow the attacker to execute arbitrary
code on the targeted system with the privileges of another user’s
account.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-1240
Severity: HIGH

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230503/d4e8055a/attachment.html>