Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1372Netvault vulnerability

4 documents4 sources
Severity
4.6MEDIUMNVD
EPSS
0.2%
top 59.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Bakbone Netvault
Timeline
PublishedMay 3
Latest updateMay 1

Description

nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDbakbone/netvault7.1.1, 7.3+1

🔴Vulnerability Details

2
GHSA
GHSA-m4jr-h6p3-v5c5: nvstatsmngr2022-05-01
CVEList
CVE-2005-1372: nvstatsmngr2005-05-02

💥Exploits & PoCs

1
Exploit-DB
BakBone NetVault 7.1 - Local Privilege Escalation2005-04-27
CVE-2005-1372 — Bakbone Netvault vulnerability | cvebase