CVE-2018-10959

Published: Apr 17, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.

Affected (2)

Products: Beyondtrust: Avecto Defendpoint

Beyondtrust

1 product

Avecto Defendpoint

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Beyondtrust Avecto Defendpoint	From 4.0 to 4.4.267.0
Beyondtrust Avecto Defendpoint	From 5.0 to 5.1.149.0

Related CWEs

CWE-426

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (10)

https://hackandpwn.com/assets/2019-04-17-cve-2018-10959/Defendpoint_Windows_Client_Release_Notes_4.4.267.0_SR6.pdf

Source: cve@mitre.org

https://hackandpwn.com/assets/2019-04-17-cve-2018-10959/Defendpoint_Windows_Client_Release_Notes_5.1.149.0_SR1.pdf

Source: cve@mitre.org

https://hackandpwn.com/cve-2018-10959/

Source: cve@mitre.org

https://www.beyondtrust.com/docs/release-notes/privilege-management/windows-and-mac/windows/pm-windows-4-4-sr6.pdf

Source: cve@mitre.org

https://www.beyondtrust.com/docs/release-notes/privilege-management/windows-and-mac/windows/pm-windows-5-1.pdf

Source: cve@mitre.org

https://hackandpwn.com/assets/2019-04-17-cve-2018-10959/Defendpoint_Windows_Client_Release_Notes_4.4.267.0_SR6.pdf