Lucene search

TalosCVE-2018-4007

HistoryApr 17, 2019 - 3:29 p.m.

CVE-2018-4007

2019-04-1715:29:00

CWE-20

talos

web.nvd.nist.gov

shimo vpn

cve-2018-4007

privilege escalation

vulnerability

nvd

exploit

local access

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS

Percentile

12.8%

JSON

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug.

Affected configurations

Nvd

Vulners

Node

shimovpnshimo_vpnMatch4.1.5.1

VendorProductVersionCPE
shimovpnshimo_vpn4.1.5.1cpe:2.3:a:shimovpn:shimo_vpn:4.1.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shimovpn	shimo_vpn	4.1.5.1	cpe:2.3:a:shimovpn:shimo_vpn:4.1.5.1:::::::*

CNA Affected

[
  {
    "product": "Shimo VPN",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Shimo VPN 4.1.5.1"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2018-0676

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS

Percentile

12.8%

JSON

Related for CVE-2018-4007