Bug 13797

Summary: [CVE 21] proximity 0.0.1 CVEs found
Product: [ROSA-based products] ROSA Fresh Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED DUPLICATE QA Contact: ROSA Linux Bugs <bugs>
Severity: critical    
Priority: Highest CC: e.kosachev, s.matveev, v.potapov, y.tumanov
Version: All   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: CVE-2021-1240,
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Yury 2023-10-18 20:05:33 MSK 
Please patch CVEs for package proximity version 0.0.1
  
INFO (CVEs are): proximity 0.0.1
 cves found
CVE-2021-1240
Desc: A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user&rsquo;s account.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-1240
Severity: HIGH
Comment 1 Vladimir Potapov 2023-10-20 18:08:06 MSK 

*** This bug has been marked as a duplicate of bug 13929 ***