exploitDog

CVE-2018-13101

Опубликовано: 03 июл. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries.

Ссылки

https://github.com/VerSprite/research/blob/master/advisories/VS-2018-026.md
Third Party Advisory
https://github.com/VerSprite/research/blob/master/advisories/VS-2018-026.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redswimmer:kiosksimple:1.4.7.0:*:*:*:*:windows:*:*

EPSS

Процентиль: 71%

0.00695

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-95q9-r6jm-cg3p

CVSS3: 9.8

github

больше 3 лет назад

KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries.

EPSS

Процентиль: 71%

0.00695

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo