An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers.
The error results from improper permission management (CWE-269) — an unprivileged local user can interact with DriveLock privileged processes in a way that should not be possible. Through such manipulation, an attacker is able to take over or abuse the security context of these processes, effectively elevating their own privileges on a Windows workstation.
An attacker with access to a local account without administrative privileges can obtain higher privileges on a Windows computer, which in practice may mean full control over the system and the ability to bypass protection mechanisms imposed by DriveLock.
DriveLock should be updated to version 24.1.6 or newer (24.1 branch), 24.2.7 or newer (24.2 branch), or 25.1.5 or newer (25.1 branch). Details are available in the manufacturer's documentation at the address indicated in the references.
DriveLock version 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5 — installed on computers with Windows operating system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HDrivelock
APPDrivelock24.1 – 24.1.6 (bez)24.2 – 24.2.7 (bez)25.1 – 25.1.5 (bez)
Related vulnerabilities
DriveLock — obejście uwierzytelniania agenta (Auth Bypass) w DES
XSS w DriveLock Operations Center umożliwiający przejęcie sesji
DriveLock — nieautoryzowana eskalacja uprawnień do roli Supervisor przez API
DriveLock — privilege escalation umożliwiające przejęcie kontroli nad systemem
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unpriv...