Netherlands-based Gemalto has a security update to mitigate an uncontrolled search path element vulnerability in its Sentinel UltraPro, according to a report from NCCIC.
Successful exploitation of this vulnerability, discovered by ADLab of Venustech, could allow execution of unauthorized code or commands.
The vulnerability affects Sentinel UltraPro encryption keys using Client Library ux32w.dll versions 1.3.0, 1.3.1, and 1.3.2.
The uncontrolled search path element vulnerability in Sentinel UltraPro's ux32w.dll enables an attacker to load and execute a malicious file.
CVE-2019-6534 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.5.
The product sees use mainly in the communications, financial services, government facilities, healthcare and public health, and information technology sectors. It is deployed worldwide.
No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. However, an attacker with low skill level could leverage the vulnerability.
Users who have Sentinel UltraPro Client Library ux32w.dll versions v1.3.0, v1.3.1 or v1.3.2 are advised to upgrade to Sentinel UltraPro v1.3.3 in order to receive this security update.
For additional information, see Gemalto’s security bulletin.
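To find installations that still need the upgrade described above, the following PowerShell script searches for copies of ux32w.dll and flags the versions listed in the advisory. It is an added example, not code from Gemalto or NCCIC. It assumes the DLL's file-version resource matches the client library version, and the default search roots are also an assumption.

```powershell
# Added example: inventory ux32w.dll copies and flag advisory-listed versions.
# Assumption: the file-version resource of ux32w.dll reflects the client
# library version (1.3.x). Verify against the vendor bulletin if it does not.
param(
    # Assumed default search roots; pass -Roots to scan application directories.
    [string[]]$Roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot)
)

# Versions named in the advisory as affected, and the fixed release.
$affected = @([version]'1.3.0', [version]'1.3.1', [version]'1.3.2')
$fixed    = [version]'1.3.3'

function Get-UltraProStatus {
    param([System.IO.FileInfo]$File)

    $vi = $File.VersionInfo
    # Use the numeric fields: FileVersion strings vary in format between builds.
    # A DLL with no version resource yields 0.0.0 and is reported for review.
    $v = [version]('{0}.{1}.{2}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)

    if ($affected -contains $v) {
        $status = 'AFFECTED: upgrade to 1.3.3'
    } elseif ($v -ge $fixed) {
        $status = 'Fixed release or later'
    } else {
        $status = 'Not listed in advisory: verify manually'
    }

    [pscustomobject]@{
        Path    = $File.FullName
        Version = $v.ToString()
        Status  = $status
    }
}

$Roots |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    ForEach-Object {
        # Unreadable directories are skipped rather than aborting the scan.
        Get-ChildItem -LiteralPath $_ -Filter 'ux32w.dll' -Recurse -File -ErrorAction SilentlyContinue
    } |
    ForEach-Object { Get-UltraProStatus -File $_ } |
    Sort-Object Status, Path |
    Format-Table -AutoSize -Wrap
```

Applications often ship their own copy of the client library, so run the script with `-Roots` pointing at each application's install directory as well.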