CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-0437

A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.069

EPSS Ranking 91.0%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

Products affected by CVE-2018-0437

Cisco » Umbrella Enterprise Roaming Client » Version: 1.2.0

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:1.2.0
Cisco » Umbrella Enterprise Roaming Client » Version: 1.7.269

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:1.7.269
Cisco » Umbrella Enterprise Roaming Client » Version: 2.0.1

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:2.0.1
Cisco » Umbrella Enterprise Roaming Client » Version: 2.0.168

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:2.0.168
Cisco » Umbrella Enterprise Roaming Client » Version: 2.0.213

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:2.0.213
Cisco » Umbrella Enterprise Roaming Client » Version: 2.0.255

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:2.0.255
Cisco » Umbrella Enterprise Roaming Client » Version: 2.0.331

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:2.0.331
Cisco » Umbrella Enterprise Roaming Client » Version: 2.0.338

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:2.0.338
Cisco » Umbrella Enterprise Roaming Client » Version: 2.0.341

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:2.0.341
Cisco » Umbrella Enterprise Roaming Client » Version: 2.1.0

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:2.1.0
Cisco » Umbrella Enterprise Roaming Client » Version: 2.1.108

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:2.1.108
Cisco » Umbrella Enterprise Roaming Client » Version: 2.1.112

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:2.1.112
Cisco » Umbrella Enterprise Roaming Client » Version: 2.1.9

cpe:2.3:a:cisco:umbrella_enterprise_roaming_client:2.1.9
Cisco » Umbrella Roaming Module » Version: 4.3(1095)

cpe:2.3:a:cisco:umbrella_roaming_module:4.3(1095)
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-0437

Products

Pricing

Contact Us