Description
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption
Published: 2026-06-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The MSI NBFoundation Service v.2.0.2506.1201 contains a CWE-200 insecure permissions flaw that allows a remote attacker to obtain sensitive information encoded with 3DES-ECB. The vulnerability stems from improper access control. Based on the description, it is inferred that this flaw enables attackers to read or extract confidential data, thereby compromising confidentiality.

Affected Systems

The affected product is MSI NBFoundation Service version 2.0.2506.1201. No other vendors or versions are listed.

Risk and Exploitability

The EPSS score of < 1% and absence from KEV indicate limited publicly known exploitation. The CVSS score of 7.5 indicates high severity, meaning the vulnerability could have a considerable impact if exploited. Based on the provided details, it appears that attackers can retrieve encrypted data without overt intrusion. The high severity assessment warrants cautious mitigation.

Generated by OpenCVE AI on June 26, 2026 at 19:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check MSI for available updates that address the permission issue.
  • Restrict the service’s permissions to only authorized processes and users.
  • If the service is unnecessary, disable or remove it.
  • Transition from 3DES‑ECB to a stronger encryption mode (e.g., AES‑CBC or GCM) or otherwise ensure that sensitive data is not protected by a weak algorithm.

Generated by OpenCVE AI on June 26, 2026 at 19:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Title MSI NBFoundation Service Insecure Permissions Enable Remote Information Disclosure via 3DES-ECB

Fri, 26 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Title Insecure Permissions Enable Remote Disclosure of Sensitive Data in MSI NBFoundation Service
Weaknesses CWE-284
CWE-311

Fri, 26 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Msi
Msi nbfoundation Service
Vendors & Products Msi
Msi nbfoundation Service

Thu, 25 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Insecure Permissions Enable Remote Disclosure of Sensitive Data in MSI NBFoundation Service
Weaknesses CWE-284
CWE-311

Thu, 25 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption
References

Subscriptions

Msi Nbfoundation Service
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-26T14:10:18.450Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37454

cve-icon Vulnrichment

Updated: 2026-06-26T14:10:13.866Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T20:00:05Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor