CVE-2018-9859

Published: Jun 16, 2018Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.

Affected (1)

Products: Navercorp: Whale

Navercorp

1 product

Whale

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Navercorp Whale	Before 1.0.40.7

References (2)

https://cve.naver.com/detail/cve-2018-9859.html

Source: cve@mitre.org

Vendor Advisory

https://cve.naver.com/detail/cve-2018-9859.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.