Detection Guidance

You can detect the vulnerability by checking if the affected software, Fujitsu Security Solution AuthConductor Client Basic V2, is installed and its version. On Windows systems, verify if "AuthConductor Client" appears in the Start menu application list. To check the version, click the "AuthConductor Client" icon in the taskbar notification area and select "About" or "Version Information". There are no specific network detection commands provided. For system detection, use Windows GUI as described. [2]

Useful 0 Not Useful 0

Executive Summary

This vulnerability is an origin validation error in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. It allows an attacker who has logged into the Windows system where the affected product is installed to execute arbitrary code with SYSTEM privileges and/or modify registry values.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to update the AuthConductor Client Basic V2 software to the latest fixed version provided by Fujitsu Client Computing Limited. Specifically, update to version 2.0.25.1 or later if you do not use the face authentication option or use the "Face Authentication Option V2 Media Pack" (L07 or later). If you use the "Face Authentication Option V2 Media Pack" (before L07), update to version 2.0.24.3. Download the appropriate driver from Fujitsu's driver download page, extract it, and follow the included Readme instructions to apply the update. After updating, verify the version to confirm the update was successful. [1, 2]

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability can allow an attacker with access to the Windows system to execute arbitrary code with the highest system privileges (SYSTEM) and modify critical registry values, potentially leading to full system compromise, unauthorized changes, and disruption of system operations.

Useful 0 Not Useful 0