7.8
CVE-2018-6755
- EPSS 0.04%
- Veröffentlicht 06.12.2018 23:29:01
- Zuletzt bearbeitet 21.11.2024 04:11:07
- Quelle trellixpsirt@trellix.com
- CVE-Watchlists
- Unerledigt
LoginTrue Key (TK) Windows Client - Weak Directory Permission Vulnerability
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.117 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| trellixpsirt@trellix.com | 7.2 | 0.6 | 6 |
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.