CVE-2026-12602

HIGH EPSS 2.3%

Published Jun 22, 20261w ago · Modified Jun 22, 20261w ago

8.8 CVSS 4.0

High

Published Jun 22, 2026 1w ago

Last Modified Jun 22, 2026 1w ago

Description

Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive permissions for the ‘Everyone’ group. This could allow an unprivileged user to replace the main executable and/or its components with a malicious file, thereby enabling the execution of arbitrary code. In the worst-case scenario, if the malicious code is executed with elevated privileges (such as those of Administrator or SYSTEM), the attacker could escalate privileges and gain full control of the system, compromising both security and data integrity.

CVSS Details

Base Score

8.8

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction P

Scope X

Threat Intelligence

EPSS Exploit Probability

2.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-276

References 1

incibe.es https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-permissions-arubasign-aruba

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.