Описание
The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441.
Ссылки
- Release NotesVendor Advisory
- Third Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:corsair:link:4.9.7.35:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:corsair:axi:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:commander_mini:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:commander_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:h100i:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:h100i_gtx:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:h100i_v2:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:h110i:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:h110i_gt:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:h110i_gtx:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:h115i:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:h80i:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:h80i_gt:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:h80i_v2:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:hxi:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:lighting_node_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:rm:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:rmi:-:*:*:*:*:*:*:*
cpe:2.3:h:corsair:x99:-:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00711
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-276
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441.
EPSS
Процентиль: 72%
0.00711
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-276