7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
80.6%
INplc provided by MICRONET CORPORATION contains multiple vulnerabilities listed below.
DLL preloading vulnerability (CWE-427) - CVE-CVE-2018-0667
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Base Score: 7.8 |
CVSS v2 | AV:N/AC:M/AU:N/C:P/I:P/A:P | Base Score: 6.8 |
Buffer overflow (CWE-119) - CVE-2018-0668
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8 |
CVSS v2 | AV:N/AC:L/AU:N/C:P/I:P/A:P | Base Score: 7.5 |
Authentication bypass (CWE-287) - CVE-2018-0669
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8 |
CVSS v2 | AV:N/AC:L/AU:N/C:P/I:P/A:P | Base Score: 7.5 |
Authentication bypass (CWE-287) - CVE-2018-0670
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8 |
CVSS v2 | AV:N/AC:L/AU:N/C:P/I:P/A:P | Base Score: 7.5 |
Privilege escalation - CVE-2018-0671
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Base Score: 8.8 |
CVSS v2 | AV:L/AC:M/AU:S/C:P/I:P/A:P | Base Score: 4.1 |
Use the latest installer - CVE-2018-0667
Use the latest installer according to the information provided by the developer.
Also when executing the installer, be sure to check there are no suspicious files in the directory where the installer resides.
Note that this vulnerability affects the installer only, thus users who have already installed INplc do not need to re-install the software.
Update the software - CVE-2018-0668, CVE-2018-0669, CVE-2018-0670, CVE-2018-0671
Update to the latest version according to the information provided by the developer.
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
80.6%