The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerability note CVE-2012-3018

ICONICS GENESIS32: privilege elevation via Security Configurator

Synthesis of the vulnerability

A local attacker can exploit a vulnerability in the ICONICS GENESIS32 and BizViz applications to elevate their privileges.
Impacted products: GENESIS32.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 31/07/2012.
Identifiers: BID-54732, CVE-2012-3018, ICSA-12-212-01, VIGILANCE-VUL-11809.

Description of the vulnerability

Access to ICONICS GENESIS32/BizViz requires a user account.

When an account is locked, it cannot be used to log in. A challenge-response operation is then required to enable the account. However, an attacker can bypass the challenge and then log in to Security Configurator as an administrator.

A local attacker can therefore exploit a vulnerability in the ICONICS GENESIS32 and BizViz applications to elevate their privileges.