Vulnerability CVE-2018-13101


Published: 2018-07-03

Description:
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Redswimmer -> Kiosksimple 

 References:
https://github.com/VerSprite/research/blob/master/advisories/VS-2018-026.md

Copyright 2024, cxsecurity.com

 

Back to Top