CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12441

The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.2%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

Products affected by CVE-2018-12441

Corsair » Corsair Utility Engine » Version: 3.2.87

cpe:2.3:a:corsair:corsair_utility_engine:3.2.87
Corsair » Corsair Utility Engine » Version: 3.3.103

cpe:2.3:a:corsair:corsair_utility_engine:3.3.103
Corsair » Corsair Utility Engine » Version: 3.4.95

cpe:2.3:a:corsair:corsair_utility_engine:3.4.95
Corsair » Corsair Utility Engine » Version: 3.6.109

cpe:2.3:a:corsair:corsair_utility_engine:3.6.109
Corsair » Corsair Utility Engine » Version: 3.7.99

cpe:2.3:a:corsair:corsair_utility_engine:3.7.99

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12441

Products

Pricing

Contact Us