Inteset Secure Lockdown Multi Application Edition – Vulnerabilities and Hardening Measures

This article discusses vulnerabilities found in Inteset’s “Secure Lockdown – Multi Application Edition,” particularly in its kiosk mode. The author reports inadequate security measures that allow unauthorized access to applications such as Microsoft Edge, code execution via ClickOnce applications, and local file access. Responsible disclosure attempts to the vendor were unproductive, leading to public disclosure in coordination with CERT/CC.

Affected: Inteset, Secure Lockdown – Multi Application Edition, Microsoft Edge

Key points:

  • Identified vulnerabilities in the Inteset “Secure Lockdown – Multi Application Edition” software.
  • The software allows unauthorized users access to the Edge browser under certain conditions.
  • ClickOnce applications can be downloaded and executed, placing systems at risk for code execution.
  • Attempts at responsible disclosure to the vendor went unanswered, prompting public disclosure.
  • Several mitigation strategies were recommended, but ultimate fixes should be vendor-driven.

MITRE Techniques:

  • Execution (T1203): Code execution via malicious ClickOnce applications that can bypass security measures in the lockdown environment.
  • Privilege Escalation (T1068): Excessive permissions can allow access to applications and administrative functions not intended for the user.
  • Discovery (T1083): Local file read access through UNC paths when the browser is unlocked.

Indicator of Compromise:

  • [CVE] CVE-2024-29500
  • [CVE] CVE-2024-29502


Full Story: https://medium.com/@kuhn.raphael/inteset-secure-lockdown-multi-application-edition-vulnerabilities-and-hardening-measures-a34901b637c9?source=rss——cybersecurity-5
