Description
Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive permissions for the ‘Everyone’ group. This could allow an unprivileged user to replace the main executable and/or its components with a malicious file, thereby enabling the execution of arbitrary code. In the worst-case scenario, if the malicious code is executed with elevated privileges (such as those of Administrator or SYSTEM), the attacker could escalate privileges and gain full control of the system, compromising both security and data integrity.
Published: 2026-06-22
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from ArubaSign’s installation routine granting the Windows “Everyone” group full permissions on the main executable and supporting files in C:\Program Files. This overly permissive setting allows a non‑privileged user to overwrite those binaries with malicious code, which then runs with the integrity level of the replacing process. The result is a possibility for arbitrary code execution locally. In the worst case, if the replaced code runs with elevated privileges such as Administrator or SYSTEM, the attacker can achieve full system compromise, violating confidentiality, integrity, and availability. No official fix has been reported at this time, so the risk remains until a vendor patch is released.

Affected Systems

ArubaSign from Aruba, versions prior to 4.6.6 installed on Windows systems. Users running the software without administrative rights on these versions are vulnerable because the installed files are writable by all users.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, and the vulnerability is exploitable by any user who can run code locally on the machine – the likely attack vector is a local, non‑privileged user modifying the binaries during or after installation. EPSS data is unavailable, so the exact likelihood cannot be quantified, but the lack of an official fix and the widespread insecure file permission pattern raise the risk. The vulnerability is not listed in CISA’s KEV catalog, but its high severity and the ease of exploitation make it a candidate for active monitoring and defensive action.

Generated by OpenCVE AI on June 22, 2026 at 14:51 UTC.

Remediation

Vendor Solution

No solution has been reported as yet.


OpenCVE Recommended Actions

  • Check for and apply an official Aruba vendor patch once it becomes available
  • If no patch is released, manually remove the “Everyone” permission from the ArubaSign executable directory and all contained files, leaving only Administrators and relevant service accounts with modify rights
  • Implement file‑integrity monitoring or antivirus rules to detect unauthorized replacements of ArubaSign binaries
  • Keep Windows and other system components updated and enforce least‑privilege user practices
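An added example, not part of the advisory or any vendor tooling: a PowerShell audit supporting the permission-removal and integrity-monitoring actions above. It lists every file or folder under an install directory where Everyone (SID S-1-1-0) holds a write-capable allow entry. `$InstallDir` is a placeholder parameter, since the page names only C:\Program Files and not the product's folder.

```powershell
# Added example (not vendor code): find write-capable "Everyone" ACEs under a directory.
param(
    [Parameter(Mandatory)]
    [string]$InstallDir   # placeholder: the product folder under C:\Program Files
)

$everyoneSid = 'S-1-1-0'   # well-known SID for Everyone; avoids localized group names

# Rights that allow replacing or re-permissioning a file (Modify and FullControl include these).
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw generic bits that some installers write into ACEs: GENERIC_ALL | GENERIC_WRITE.
$genericMask = 0x10000000 -bor 0x40000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$items = @(Get-Item -LiteralPath $InstallDir -Force) +
         @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Ask for SIDs rather than account names, including inherited entries.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -ne $everyoneSid) { continue }
        # Inherit-only entries do not apply to this object; they show up on its children.
        if ($ace.PropagationFlags -band $inheritOnly) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Path | Format-Table -AutoSize -Wrap
    exit 1   # non-zero so a scheduled check can flag the host
}
Write-Output "No write-capable Everyone entries under $InstallDir"
```

Explicit entries it reports can be removed with `icacls <dir> /remove:g *S-1-1-0 /T`; rows marked Inherited have to be corrected on the parent folder that defines them.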


Advisories

No advisories yet.

History

Mon, 22 Jun 2026 13:45:00 +0000

Values added (no values removed):

  • Description: the text given under Description above
  • Title: Incorrect permissions in ArubaSign by Aruba
  • Weaknesses: CWE-276
  • References
  • Metrics: cvssV4_0 {'score': 8.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2026-06-22T12:34:49.092Z

Reserved: 2026-06-18T11:18:05.156Z

Link: CVE-2026-12602

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-22T15:00:13Z

Weaknesses
  • CWE-276: Incorrect Default Permissions