Vulnerability CVE-2018-16156


Published: 2019-05-17

Description:
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
PaperStream IP (TWAIN) 1.42.0.5685 Local Privilege Escalation
1F98D
07.01.2021

Type:

CWE-426

(Untrusted Search Path)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Fujitsu -> Paperstream ip (twain) 

 References:
https://www.securifera.com/advisories/cve-2018-16156/

Copyright 2024, cxsecurity.com

 

Back to Top