Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

Twitter Facebook-f Pinterest-p Instagram

CBRN-Analysis – Unprotected storage of application files

DATE

10.11.2022

Affected Vendor

Bruhn NewTech

Affected Product

CBRN-Analysis

Vulnerable version

21.0/A

Fixed version

22

CVSS

CVSS: 5.9 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Recommendations

Update to CBRN-Analysis v.22 or newer.

Vulnerability details

The CBRN-Analysis is an off-the-shelf CBRN Defence Knowledge Management Software Application that provides Knowledge Management, Hazard Prediction, and Warning and Reporting (W&R) capability, supporting the planning and execution of operations.

It’s a fat-client application that executes within a Windows session.

Multiple application files containing application content and user data are stored under the User’s Public Profile where the application is installed.

Any OS user of a server or workstation where the CBRN-Analysis is installed has sufficient privileges to modify the content of the CBRN-Analysis files. This can be used to steal sensitive content (such as a password hash) or to conduct privilege elevation attacks.

CVE

CVE-2022-45193

Credits

Dawid Czarnecki and Jerome Nokin from NATO Cyber Security Centre

References

https://nvd.nist.gov/vuln/detail/CVE-2022-45193

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

NEED A CONSULTATION?

Contact Us