Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://hackandpwn.com/assets/2019-04-17-cve-2018-10959/Defendpoint_Windows_Client_Release_Notes_4.4.267.0_SR6.pdf - | |
References | () https://hackandpwn.com/assets/2019-04-17-cve-2018-10959/Defendpoint_Windows_Client_Release_Notes_5.1.149.0_SR1.pdf - | |
References | () https://hackandpwn.com/cve-2018-10959/ - | |
References | () https://www.beyondtrust.com/docs/release-notes/privilege-management/windows-and-mac/windows/pm-windows-4-4-sr6.pdf - | |
References | () https://www.beyondtrust.com/docs/release-notes/privilege-management/windows-and-mac/windows/pm-windows-5-1.pdf - |
Information
Published : 2019-04-17 15:29
Updated : 2024-11-21 03:42
NVD link : CVE-2018-10959
Mitre link : CVE-2018-10959
CVE.ORG link : CVE-2018-10959
JSON object : View
Products Affected
beyondtrust
- avecto_defendpoint
CWE
CWE-426
Untrusted Search Path