8.8
CVE-2018-18987
- EPSS 3.2%
- Veröffentlicht 30.11.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:59
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginVT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Invt ≫ Vt-designer Version2.1.7.31
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.2% | 0.865 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
http://www.securityfocus.com/bid/106071
https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01