Netwrix Password Secure
cpe:2.3:a:netwrix:password_secure:*:*:*:*:*:*:*
- <= 9.2.1
A command injection vulnerability has been identified in Netwrix Password Secure version 9.2.0.32454. This vulnerability allows authenticated users to execute arbitrary operating system commands. The issue arises in the application's document and application sharing features, where a crafted shared document can trigger the execution of unauthorized commands on the recipient's system.
Exploitation of this vulnerability leads to authenticated remote code execution on the affected user's system.
To reproduce this vulnerability, an authenticated user can upload a PDF file through the application's 'Documents' tab. After uploading, the user can modify the document link to change the file path to an executable, such as 'PowerShell.exe', while injecting a payload into the 'DocumentParams' attribute. Once the link is shared and opened by the recipient, the injected payload is executed, demonstrating the command injection flaw.
Users are advised to update Netwrix Password Secure to version 9.2.2, which addresses this vulnerability.