7.8

CVE-2018-12441

EPSS 0.03%
Veröffentlicht 11.10.2018 21:29:00
Zuletzt bearbeitet 21.11.2024 03:45:13
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Corsair ≫ Corsair Utility Engine Version3.2.87

Corsair ≫ Corsair Utility Engine Version3.3.103

Corsair ≫ Corsair Utility Engine Version3.4.95

Corsair ≫ Corsair Utility Engine Version3.6.109

Corsair ≫ Corsair Utility Engine Version3.7.99

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.094

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://github.com/TheRealJoeDoran/CVE/blob/master/CVE-2018-12441/CVE-2018-12441.txt

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-12441

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-12441

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-12441

EUVD