| SVE-002448 | Date: (C)2021-09-14 (M)2021-10-29 |
NETGATE Data Backup Unquoted Service Path Vulnerability. NETGATE Data Backup suffers from an unquoted service path vulnerability. The flaw exists in the 'NGDatBckpSrv' parameter and a successful attempt would require the local user to be able to insert code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
CVSS Score and Metrics +CVSS Score and Metrics -| CVSS V3 Severity: | CVSS V2 Severity: |
| CVSS Score : 7.8 | CVSS Score : 4.6 |
| Exploit Score: 1.8 | Exploit Score: 3.9 |
| Impact Score: 5.9 | Impact Score: 6.4 |
| |
| CVSS V3 Metrics: | CVSS V2 Metrics: |
| Attack Vector: LOCAL | Access Vector: LOCAL |
| Attack Complexity: LOW | Access Complexity: LOW |
| Privileges Required: LOW | Authentication: NONE |
| User Interaction: NONE | Confidentiality: PARTIAL |
| Scope: UNCHANGED | Integrity: PARTIAL |
| Confidentiality: HIGH | Availability: PARTIAL |
| Integrity: HIGH | |
| Availability: HIGH | |
| | |
