CVE-2017-5996
HIGHBeyondTrust Remote Support 15.2.x-15.2.2 16.1.x-16.1.4 16.2.x-16.2.3 - DLL Hijacking via Weak ProgramData Permissions
Title source: llmDescription
The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.
References (2)
Core 2
Core References
Issue Tracking, Release Notes, Third Party Advisory x_refsource_misc
https://www.vsecurity.com/download/advisories/20171026-1.txt
Issue Tracking, Release Notes, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039679
Scores
CVSS v3
7.8
EPSS
0.0130
EPSS Percentile
66.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (8)
beyondtrust/remote_support
15.2.1
beyondtrust/remote_support
15.2.2
beyondtrust/remote_support
16.1.1
beyondtrust/remote_support
16.1.2
beyondtrust/remote_support
16.1.3
beyondtrust/remote_support
16.1.4
beyondtrust/remote_support
16.2.1
beyondtrust/remote_support
16.2.2
Published
Oct 26, 2017
Tracked Since
Feb 18, 2026