CVE-2018-18435

Опубликовано: 21 мар. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and it's sub-folders. In addition, the program installs a service called "KWSService" which runs as "Localsystem", this will allow any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a malicious one.

Ссылки

http://packetstormsecurity.com/files/151031/KioWare-Server-4.9.6-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-002.md
https://m.kioware.com/news/kioware-press-releases/kioware_server_security_patch_update
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/46093/
Exploit
Third Party Advisory
VDB Entry
https://www.kioware.com/patch.aspx
Patch
Vendor Advisory
http://packetstormsecurity.com/files/151031/KioWare-Server-4.9.6-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-002.md
https://m.kioware.com/news/kioware-press-releases/kioware_server_security_patch_update
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/46093/
Exploit
Third Party Advisory
VDB Entry
https://www.kioware.com/patch.aspx
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kioware:kioware_server:*:*:*:*:*:*:*:*

Версия до 4.9.6 (включая)

EPSS

Процентиль: 69%

0.0059

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-cv2p-jhjf-54gq