CVE-2018-19592
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441.
Affected (1)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.9.7.35 |
| Running on/with | Platform Versions |
|---|---|
Corsair Axi | All versions |
Corsair Commander Mini | All versions |
Corsair Commander Pro | All versions |
Corsair H100i | All versions |
Corsair H100i Gtx | All versions |
Corsair H100i V2 | All versions |
Corsair H110i | All versions |
Corsair H110i Gt | All versions |
Corsair H110i Gtx | All versions |
Corsair H115i | All versions |
Corsair H80i | All versions |
Corsair H80i Gt | All versions |
Corsair H80i V2 | All versions |
Corsair Hxi | All versions |
Corsair Lighting Node Pro | All versions |
Corsair Rm | All versions |
Corsair Rmi | All versions |
Corsair X99 | All versions |
References (4)
Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.