|CVSS SCORE||6.8, (AV:L/AC:L/Au:S/C:C/I:C/A:C)|
The specific flaw exists within the file permissions set during product installation. The World account is set to have full rights to the directory that contains the binaries that are executed by system administrators. File substitution would then allow a standard user on the system to replace code that is subsequently run by a system administrator.
01/13/2016 - ZDI disclosed the report for this vendor to ICS-CERT