Privilege Escalation Vulnerability in NetSetMan Pro by NetSetMan
CVE-2021-34546

6.8MEDIUM

Key Information:

Vendor

Netsetman

Status
Netsetman
Vendor
CVE Published:
10 June 2021

What is CVE-2021-34546?

An unauthenticated attacker with physical access to a system running NetSetMan Pro prior to version 5.0 can exploit a specific configuration. If the pre-logon profile switch button is enabled on the Windows logon screen, the attacker may invoke the 'save log to file' feature to drop to an administrative shell. This vulnerability allows the execution of arbitrary commands with SYSTEM privileges by simply navigating to cmd.exe, posing a significant security risk to systems utilizing this software.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.secuvera.de/advisories/secuvera-SA-2021-01.txt
x_refsource_MISC
https://www.secuvera.de
x_refsource_MISC
https://www.netsetman.com
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.