CVE-2018-18332

Published: Dic 21, 2018 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2018-10063 Aliases: GSD-2018-18332
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: partial
Availability: none

Description

AI Translation Available

A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0023
Percentile
0,5th
Updated

EPSS Score Trend (Last 90 Days)

732

Incorrect Permission Assignment for Critical Resource

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Access Control Integrity Other
Potential Impacts:
Read Application Data Read Files Or Directories Gain Privileges Or Assume Identity Modify Application Data Other
Applicable Platforms
Technologies: Not Technology-Specific, Cloud Computing
Likelihood of Exploit: High
View CWE Details
Application

Officescan by Trendmicro

Product Information
Vendor Trendmicro
Product Officescan
Version xg
cpe:2.3:a:trendmicro:officescan:xg:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://success.trendmicro.com/solution/1121674
Mitigation Vendor Advisory
https://success.trendmicro.com/solution/1121674
https://success.trendmicro.com/solution/1121674
Mitigation Vendor Advisory
https://success.trendmicro.com/solution/1121674