Search Path or Unquoted Item Vulnerability Affects Faronics Deep Freeze Server Standard Versions 8.30.020.4627 and Earlier
CVE-2024-1618

7.8HIGH

Key Information:

Vendor: Faronics
Status: Deep Freeze Server Standard
Vendor: CVE Published:; 12 March 2024

What is CVE-2024-1618?

A search path vulnerability has been identified in Faronics Deep Freeze Server Standard, specifically affecting the DFServ.exe executable. This vulnerability allows an attacker with local user privileges to replace the legitimate DFServ.exe service file with a malicious version, ideally positioned in a higher priority directory. Consequently, when the service is initiated, the compromised executable is executed instead of the genuine file. This exploitation could grant the attacker the ability to execute arbitrary code, potentially resulting in unauthorized access to the system or disruption of the service's operation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Deep Freeze Server Standard 0 <= 8.30.020.4627

References

https://www.incibe.es/en/incibe-cert/notices/aviso/unquot...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 19, 2024

Credit

Rafael Pedrero

JSON

Faronics

What is CVE-2024-1618?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.