Lucene search

K
cve[email protected]CVE-2018-18748
HistoryOct 29, 2018 - 12:29 p.m.

CVE-2018-18748

2018-10-2912:29:09
web.nvd.nist.gov
27
sandboxie
cve-2018-18748
sandbox escape
security vulnerability
nvd

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.007

Percentile

79.5%

Sandboxie 5.26 allows a Sandbox Escape via an “import os” statement, followed by os.system(“cmd”) or os.system(“powershell”), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product’s intended functionality

Affected configurations

NVD
Node
sandboxiesandboxieMatch5.26
CPENameOperatorVersion
sandboxie:sandboxiesandboxieeq5.26

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.007

Percentile

79.5%

Related for CVE-2018-18748