CVE-2018-12572

Exploit

EPSS 0.03%
Veröffentlicht 21.03.2019 16:00:14
Zuletzt bearbeitet 21.11.2024 03:45:27
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Avast ≫ Free Antivirus Version < 19.1.2360

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.064

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

http://packetstormsecurity.com/files/151590/Avast-Anti-Virus-Local-Credential-Disclosure.html

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-12572

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-12572

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-12572

EUVD