7.8

CVE-2018-19592

The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CorsairLink Version4.9.7.35
   CorsairAxi Version-
   CorsairCommander Mini Version-
   CorsairCommander Pro Version-
   CorsairH100i Version-
   CorsairH100i Gtx Version-
   CorsairH100i V2 Version-
   CorsairH110i Version-
   CorsairH110i Gt Version-
   CorsairH110i Gtx Version-
   CorsairH115i Version-
   CorsairH80i Version-
   CorsairH80i Gt Version-
   CorsairH80i V2 Version-
   CorsairHxi Version-
   CorsairLighting Node Pro Version-
   CorsairRm Version-
   CorsairRmi Version-
   CorsairX99 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.71% 0.715
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.