CVE-2024-36497

CRITICAL

WINSelect - Info Disclosure

Title source: llm

Description

The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.

References (3)

[Mailing List] http://seclists.org/fulldisclosure/2024/Jun/12

[Various Sources] https://r.sec-consult.com/winselect

[Various Sources] https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes

Scores

CVSS v3 9.1

EPSS 0.0014

EPSS Percentile 33.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-312

Status published

Products (1)

Faronics/WINSelect (Standard + Enterprise) 8.30.xx.903

Published Jun 24, 2024

Tracked Since Feb 18, 2026