CVE-2018-13140

Опубликовано: 24 сент. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 9.3

EPSS Низкий

Описание

Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.

Ссылки

http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Sep/38
Exploit
Mailing List
Third Party Advisory
https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Sep/38
Exploit
Mailing List
Third Party Advisory
https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:druide:antidote_9:*:*:*:*:*:*:*:*

Версия до 5.1 (включая)

Одно из

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.0919

Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-9jg5-w45g-pr75