Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.
AnalysisAI
Local privilege escalation in HCL BigFix Platform on Windows allows authenticated users with low privileges to access cryptographic private keys due to overly permissive file system permissions, potentially enabling complete system compromise with cross-scope impact. Authentication required (PR:L). No public exploit identified at time of analysis, though the attack is rated low complexity and fully automated. CVSS 8.8 severity driven by scope change and complete confidentiality/integrity/availability impact.
Technical ContextAI
HCL BigFix Platform is an enterprise endpoint management and security compliance solution. This vulnerability stems from CWE-276 (Incorrect Default Permissions), where private cryptographic keys stored on Windows file systems lack proper access controls. These keys are critical security assets used for authentication, encryption, or code signing within the BigFix infrastructure. When file system permissions allow low-privileged users to read private keys, attackers can extract cryptographic material to impersonate system components, decrypt sensitive data, or sign malicious payloads as trusted entities. The CVSS scope change metric (S:C) indicates the vulnerability enables attackers to affect resources beyond the vulnerable component's security authority, suggesting the compromised keys could grant access to broader BigFix management operations or controlled endpoints.
RemediationAI
Consult HCL vendor advisory KB0129906 at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129906 for patching guidance and specific fixed versions. Primary remediation involves applying vendor-released updates that correct file system permissions on cryptographic private key storage locations. As an interim mitigation, system administrators should manually audit and restrict NTFS permissions on BigFix private key directories to ensure only SYSTEM and authorized service accounts have read access, removing any inherited permissions that grant access to low-privileged user groups. Organizations should review Windows file system permissions on all BigFix Platform directories containing cryptographic material and implement least-privilege access controls aligned with vendor security hardening guidance.
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18095