CVE-2018-9853

Published: Jul 10, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server.

Affected (1)

Products: Freesshd: Freesshd

Freesshd

1 product

Freesshd

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freesshd Freesshd	Version 1.3.1

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://medium.com/%40TheWindowsTwin/vulnerability-in-freesshd-5a0abc147d7a

Source: cve@mitre.org

https://medium.com/%40TheWindowsTwin/vulnerability-in-freesshd-5a0abc147d7a

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.