Sign-up

ID

VAR-200412-0466


CVE

CVE-2004-2359


TITLE

Dell TrueMobile 1300 WLAN System Tray Applet Local Privilege Escalation Vulnerability

Trust: 0.9

sources: BID: 9714 // CNNVD: CNNVD-200412-1017

DESCRIPTION

Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does not properly drop SYSTEM privileges when started from the systray applet, which allows local users to gain privileges by accessing the Help functionality. It has been reported that a privilege escalation vulnerability exists in the Dell TrueMobile 1300 Wireless System Tray Applet. The issue is due to the software starting with SYSTEM privileges, to enable access to the wireless hardware, and subsequently failing to drop them. This may allow a local attacker to manipulate the GUI of the vulnerable application to spawn arbitrary processes with the privileges of the affected process. Although only version 3.10.39.0 of the utility has been reported vulnerable, it is likely that other versions are prone as well. Dell TrueMobile TM 1300 WLAN is a mini-PCI wireless network card system, including a system tray Applet program to control the device

Trust: 1.35

sources: NVD: CVE-2004-2359 // BID: 9714 // VULHUB: VHN-10787 // VULMON: CVE-2004-2359

AFFECTED PRODUCTS

vendor:dellmodel:truemobile 1300 wlan mini-pci card util trayappletscope:eqversion:3.10.39.0

Trust: 1.6

vendor:dellmodel:truemobile wlan mini-pci card utilityscope:eqversion:13003.10.39.0

Trust: 0.3

sources: BID: 9714 // CNNVD: CNNVD-200412-1017 // NVD: CVE-2004-2359

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2359
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200412-1017
value: CRITICAL

Trust: 0.6

VULHUB: VHN-10787
value: HIGH

Trust: 0.1

VULMON: CVE-2004-2359
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-2359
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-10787
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10787 // VULMON: CVE-2004-2359 // CNNVD: CNNVD-200412-1017 // NVD: CVE-2004-2359

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2359

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-1017

TYPE

Design Error

Trust: 0.9

sources: BID: 9714 // CNNVD: CNNVD-200412-1017

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-10787 // 
            
            
            
            VULMON: CVE-2004-2359

EXTERNAL IDS
db:BIDid:9714
Trust: 2.1
db:NVDid:CVE-2004-2359
Trust: 1.8
db:SECUNIAid:10949
Trust: 1.8
db:SECTRACKid:1009174
Trust: 1.8
db:CNNVDid:CNNVD-200412-1017
Trust: 0.7
db:NSFOCUSid:6088
Trust: 0.6
db:XFid:15285
Trust: 0.6
db:VULNWATCHid:20040222 DELL TRUEMOBILE WIRELESS HELP PRIVILEGE ESCALATION VULNERABILITY
Trust: 0.6
db:EXPLOIT-DBid:23739
Trust: 0.2
db:SEEBUGid:SSVID-77489
Trust: 0.1
db:VULHUBid:VHN-10787
Trust: 0.1
db:VULMONid:CVE-2004-2359
Trust: 0.1
sources:
            
            
            VULHUB: VHN-10787 // 
            
            
            
            VULMON: CVE-2004-2359 // 
            
            
            
            BID: 9714 // 
            
            
            
            CNNVD: CNNVD-200412-1017 // 
            
            
            
            NVD: CVE-2004-2359

REFERENCES
url:http://www.securityfocus.com/bid/9714
Trust: 1.8
url:http://securitytracker.com/id?1009174
Trust: 1.8
url:http://secunia.com/advisories/10949
Trust: 1.8
url:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0042.html
Trust: 1.8
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15285
Trust: 1.2
url:http://xforce.iss.net/xforce/xfdb/15285
Trust: 0.6
url:http://www.nsfocus.net/vulndb/6088
Trust: 0.6
url:http://www.dell.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/23739/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-10787 // 
            
            
            
            VULMON: CVE-2004-2359 // 
            
            
            
            BID: 9714 // 
            
            
            
            CNNVD: CNNVD-200412-1017 // 
            
            
            
            NVD: CVE-2004-2359

CREDITS
Ian Vitekā€» ian.vitek@as5-5-7.bi.s.bonet.se
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200412-1017

SOURCES
db:VULHUBid:VHN-10787
db:VULMONid:CVE-2004-2359
db:BIDid:9714
db:CNNVDid:CNNVD-200412-1017
db:NVDid:CVE-2004-2359

LAST UPDATE DATE
2024-08-14T15:36:06.729000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-10787date:2017-07-11T00:00:00
db:VULMONid:CVE-2004-2359date:2017-07-11T00:00:00
db:BIDid:9714date:2004-02-22T00:00:00
db:CNNVDid:CNNVD-200412-1017date:2005-10-20T00:00:00
db:NVDid:CVE-2004-2359date:2017-07-11T01:31:49.670

SOURCES RELEASE DATE
db:VULHUBid:VHN-10787date:2004-12-31T00:00:00
db:VULMONid:CVE-2004-2359date:2004-12-31T00:00:00
db:BIDid:9714date:2004-02-22T00:00:00
db:CNNVDid:CNNVD-200412-1017date:2004-02-22T00:00:00
db:NVDid:CVE-2004-2359date:2004-12-31T05:00:00