Affected system:
ISS BlackIce Server Protection 3.6 cnoISS BlackIce Server Protection 3.6 cchISS BlackIce Server Protection 3.6 ccgISS BlackIce Server Protection 3.6 ccfISS BlackIce Server Protection 3.6 cceISS BlackIce Server Protection 3.6 ccdISS BlackIce Server Protection 3.6 cccISS BlackIce Server Protection 3.6 ccbISS BlackIce Server Protection 3.6 ccaISS BlackIce Server Protection 3.6 CBZISS Blackice Server Protection 3.6 CBR
Detailed Description:
Blackice Server Protect is a firewall system developed by ISS. Blackice Server Protect firewall.ini default permission settings are incorrect, local attackers can use this vulnerability to modify the configuration file, destroy firewall rules.
When the Blackice is installed, the FireWall.ini file is installed in the local C: / Program files / ISS / Blackice directory, but the default ACL rule is all control. This allows local non-privileged users to delete or modify firewall rules, leading to the original safety rules.
At present, the vendor has not yet provided patches or upgrade procedures.
