CVE-2018-16715

EPSS 0.24%
Veröffentlicht 08.09.2018 10:29:01
Zuletzt bearbeitet 21.11.2024 03:53:12
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Absolute ≫ Ctes Windows Agent Version <= 1.0.0.1479

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.445

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://community.absolute.com/s/article/Absolute-Security-Bulletin-ASB1

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-16715

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-16715

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-16715

EUVD