exploitDog

CVE-2018-6623

Опубликовано: 12 мар. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services.

Ссылки

http://seclists.org/fulldisclosure/2018/Mar/23
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2018/Mar/23
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hola:vpn:1.79.859:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00269

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-7x7c-8qxj-65f3

CVSS3: 8.8

github

больше 3 лет назад

An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services.

EPSS

Процентиль: 50%

0.00269

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-732