CVE-2018-18253

{"id": "CVE-2018-18253", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2019-03-15T15:29:00.443", "references": [{"url": "https://improsec.com/tech-blog/cam1", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://improsec.com/tech-blog/cam1", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases."}, {"lang": "es", "value": "Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. CALRunElevated.exe intenta aplicar los controles de acceso a\u00f1adiendo un usuario no privilegiado al grupo local de Administradores durante un per\u00edodo de tiempo muy corto para ejecutar un \u00fanico comando. Sin embargo, el usuario se mantiene en dicho grupo si el comando tiene un fallo inesperado y, adem\u00e1s, ocurre una condici\u00f3n de carrera en todos los casos."}], "lastModified": "2024-11-21T03:55:35.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:capmon:access_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28C7571C-6E5E-4D68-A976-733275153FC0", "versionEndIncluding": "5.4.1.1005"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}