CVE-2024-36496

Public Exploit
Hardcoded Credentials

Description

The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key for RC4. The configuration file is then encrypted with these parameters.

Remediation

Solution:

  • The vendor provides a patched version 8.30.xx.903 since May 2024 which can be downloaded from the following URL: https://www.faronics.com/document-library/document/download-winselect-standard   The vendor provided the following changelog: https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes

Category

7.5
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.20%
Third-Party Advisory sec-consult.com
Affected: Faronics WINSelect (Standard + Enterprise)
Published at:
Updated at:

References

Link Tags
https://r.sec-consult.com/winselect third party advisory exploit
https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes release notes
http://seclists.org/fulldisclosure/2024/Jun/12

Frequently Asked Questions

What is the severity of CVE-2024-36496?
CVE-2024-36496 has been scored as a high severity vulnerability.
How to fix CVE-2024-36496?
To fix CVE-2024-36496: The vendor provides a patched version 8.30.xx.903 since May 2024 which can be downloaded from the following URL: https://www.faronics.com/document-library/document/download-winselect-standard   The vendor provided the following changelog: https://www.faronics.com/en-uk/document-library/document/winselect-standard-release-notes
Is CVE-2024-36496 being actively exploited in the wild?
It is possible that CVE-2024-36496 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-36496?
CVE-2024-36496 affects Faronics WINSelect (Standard + Enterprise).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.