Vulnerability Details CVE-2018-10959
Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://hackandpwn.com/assets/2019-04-17-cve-2018-10959/Defendpoint_Windows_Client_Release_Notes_4.4.267.0_SR6.pdf
- https://hackandpwn.com/assets/2019-04-17-cve-2018-10959/Defendpoint_Windows_Client_Release_Notes_5.1.149.0_SR1.pdf
- https://hackandpwn.com/cve-2018-10959/
- https://www.beyondtrust.com/docs/release-notes/privilege-management/windows-and-mac/windows/pm-windows-4-4-sr6.pdf
- https://www.beyondtrust.com/docs/release-notes/privilege-management/windows-and-mac/windows/pm-windows-5-1.pdf
- https://hackandpwn.com/assets/2019-04-17-cve-2018-10959/Defendpoint_Windows_Client_Release_Notes_4.4.267.0_SR6.pdf
- https://hackandpwn.com/assets/2019-04-17-cve-2018-10959/Defendpoint_Windows_Client_Release_Notes_5.1.149.0_SR1.pdf
- https://hackandpwn.com/cve-2018-10959/
- https://www.beyondtrust.com/docs/release-notes/privilege-management/windows-and-mac/windows/pm-windows-4-4-sr6.pdf
- https://www.beyondtrust.com/docs/release-notes/privilege-management/windows-and-mac/windows/pm-windows-5-1.pdf
Products affected by CVE-2018-10959
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.0.191.0
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.0.247
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.0.349.0
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.0.369.0
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.0.375.0
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.0.387.0
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.1.149
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.1.234
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.1.255
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.1.262
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.1.271
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.1.273
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.1.279
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.3.118
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.3.131.0
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.3.136.0
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.3.138.0
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.3.50
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.3.58
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.3.78
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.4.145.0
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.4.177
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.4.199
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.4.222.0
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.4.233
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:4.4.92.0
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:5.0.102.0
-
cpe:2.3:a:beyondtrust:avecto_defendpoint:5.1.95.0