Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2018-0624
HistorySep 07, 2018 - 2:29 p.m.

CVE-2018-0624

2018-09-0714:29:00
CWE-426
[email protected]
web.nvd.nist.gov
5

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

25.4%

JSON

Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.

Affected configurations

Nvd
Node
yayoi-kkaoiro_shinkokuRange23.1.1
OR
yayoi-kkhanbaiRange20.0.2
OR
yayoi-kkkaikeiRange23.1.1
OR
yayoi-kkkokyaku_kanriRange11.0.2
OR
yayoi-kkkyuuyoRange20.1.4
OR
yayoi-kkkyuuyo_keisanRange20.1.4
VendorProductVersionCPE
yayoi-kkaoiro_shinkoku*cpe:2.3:a:yayoi-kk:aoiro_shinkoku:*:*:*:*:*:*:*:*
yayoi-kkhanbai*cpe:2.3:a:yayoi-kk:hanbai:*:*:*:*:*:*:*:*
yayoi-kkkaikei*cpe:2.3:a:yayoi-kk:kaikei:*:*:*:*:*:*:*:*
yayoi-kkkokyaku_kanri*cpe:2.3:a:yayoi-kk:kokyaku_kanri:*:*:*:*:*:*:*:*
yayoi-kkkyuuyo*cpe:2.3:a:yayoi-kk:kyuuyo:*:*:*:*:*:*:*:*
yayoi-kkkyuuyo_keisan*cpe:2.3:a:yayoi-kk:kyuuyo_keisan:*:*:*:*:*:*:*:*

Related

prion 1
cve 1
cvelist 1
talosblog 1
exploitpack 1
canvas 1
exploitdb 1
thn 1
jvn 1
zdt 1
prion
prion
Design/Logic Flaw
2018-09-07 14:29:00
cve
cve
CVE-2018-0624
2018-09-07 14:29:00
cvelist
cvelist
CVE-2018-0624
2018-09-07 14:00:00
talosblog
talosblog
APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
2024-08-01 12:00:14
exploitpack
exploitpack
Microsoft COM for Windows - Privilege Escalation
2018-06-18 00:00:00
canvas
canvas
Immunity Canvas: UNMARSHAL_TO_SYSTEM
2018-09-07 14:29:00
exploitdb
exploitdb
Microsoft COM for Windows - Privilege Escalation
2018-06-18 00:00:00
thn
thn
APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack
2024-08-02 16:32:00
jvn
jvn
JVN#06813756: DLL planting vulnerability in multiple Yayoi 17 Series products
2018-07-20 00:00:00
zdt
zdt
Microsoft COM for Windows - Privilege Escalation Exploit
2018-06-19 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

25.4%

JSON
Related for NVD:CVE-2018-0624
prion1cve1cvelist1talosblog1exploitpack1canvas1exploitdb1thn1jvn1zdt1