An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion.
The vulnerability classified as CWE-281 (Improper Preservation of Permissions) results from improper handling of file permissions in SecureAge Security Suite software. An attacker, without the need to possess authentication or user interaction, can exploit this bug to manipulate the file system with elevated privileges. The network vector (AV:N) and lack of prerequisites (PR:N, UI:N) make the vulnerability particularly dangerous and easy to exploit remotely.
An attacker can arbitrarily create, modify, and delete files in the operating system, which in practice can lead to complete system takeover, data destruction, or installation of malicious software.
SecureAge Security Suite software should be updated to version 7.0.38 or later (in the 7.0.x branch), 7.1.11 or later (in the 7.1.x branch), 8.0.18 or later (in the 8.0.x branch), or 8.1.18 or later (in the 8.1.x branch). Details are available in the official manufacturer's statement at secureage.com/blog/resolved-escalation-of-privilege.
SecureAge Security Suite in versions: 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H