Vulnerability Details CVE-2018-6947
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://www.exploit-db.com/exploits/44167/
- https://www.exploit-db.com/exploits/44168/
- https://www.fidusinfosec.com/nomachine-road-code-execution-without-fuzzing-cve-2018-6947/
- https://www.nomachine.com/SU02P00194
- https://www.nomachine.com/SU02P00195
- https://www.nomachine.com/TR02P08408
- https://www.exploit-db.com/exploits/44167/
- https://www.exploit-db.com/exploits/44168/
- https://www.fidusinfosec.com/nomachine-road-code-execution-without-fuzzing-cve-2018-6947/
- https://www.nomachine.com/SU02P00194
- https://www.nomachine.com/SU02P00195
- https://www.nomachine.com/TR02P08408
Products affected by CVE-2018-6947
-
cpe:2.3:a:nomachine:nomachine:-
-
cpe:2.3:a:nomachine:nomachine:4.0.0
-
cpe:2.3:a:nomachine:nomachine:4.0.352
-
cpe:2.3:a:nomachine:nomachine:4.0.360
-
cpe:2.3:a:nomachine:nomachine:4.0.362
-
cpe:2.3:a:nomachine:nomachine:4.0.365
-
cpe:2.3:a:nomachine:nomachine:4.0.366
-
cpe:2.3:a:nomachine:nomachine:4.0.367
-
cpe:2.3:a:nomachine:nomachine:4.0.368
-
cpe:2.3:a:nomachine:nomachine:4.0.369
-
cpe:2.3:a:nomachine:nomachine:4.0.370
-
cpe:2.3:a:nomachine:nomachine:4.1.28
-
cpe:2.3:a:nomachine:nomachine:4.1.29
-
cpe:2.3:a:nomachine:nomachine:4.2.15
-
cpe:2.3:a:nomachine:nomachine:4.2.17
-
cpe:2.3:a:nomachine:nomachine:4.2.18
-
cpe:2.3:a:nomachine:nomachine:4.2.19
-
cpe:2.3:a:nomachine:nomachine:4.2.21
-
cpe:2.3:a:nomachine:nomachine:4.2.22
-
cpe:2.3:a:nomachine:nomachine:4.2.23
-
cpe:2.3:a:nomachine:nomachine:4.2.24
-
cpe:2.3:a:nomachine:nomachine:4.2.26
-
cpe:2.3:a:nomachine:nomachine:4.2.27
-
cpe:2.3:a:nomachine:nomachine:4.3
-
cpe:2.3:a:nomachine:nomachine:4.3.24
-
cpe:2.3:a:nomachine:nomachine:4.3.30
-
cpe:2.3:a:nomachine:nomachine:4.4.1
-
cpe:2.3:a:nomachine:nomachine:4.4.12
-
cpe:2.3:a:nomachine:nomachine:4.4.6
-
cpe:2.3:a:nomachine:nomachine:4.5.0
-
cpe:2.3:a:nomachine:nomachine:4.6.12
-
cpe:2.3:a:nomachine:nomachine:4.6.16
-
cpe:2.3:a:nomachine:nomachine:4.6.18
-
cpe:2.3:a:nomachine:nomachine:4.6.20
-
cpe:2.3:a:nomachine:nomachine:4.6.27
-
cpe:2.3:a:nomachine:nomachine:4.6.3
-
cpe:2.3:a:nomachine:nomachine:5.0.0
-
cpe:2.3:a:nomachine:nomachine:5.0.47
-
cpe:2.3:a:nomachine:nomachine:5.0.58
-
cpe:2.3:a:nomachine:nomachine:5.0.63
-
cpe:2.3:a:nomachine:nomachine:5.1.22
-
cpe:2.3:a:nomachine:nomachine:5.1.24
-
cpe:2.3:a:nomachine:nomachine:5.1.40
-
cpe:2.3:a:nomachine:nomachine:5.1.42
-
cpe:2.3:a:nomachine:nomachine:5.1.62
-
cpe:2.3:a:nomachine:nomachine:5.1.7
-
cpe:2.3:a:nomachine:nomachine:5.2.21
-
cpe:2.3:a:nomachine:nomachine:5.3.12
-
cpe:2.3:a:nomachine:nomachine:5.3.24
-
cpe:2.3:a:nomachine:nomachine:5.3.25
-
cpe:2.3:a:nomachine:nomachine:5.3.27
-
cpe:2.3:a:nomachine:nomachine:5.3.29
-
cpe:2.3:a:nomachine:nomachine:5.3.9
-
cpe:2.3:a:nomachine:nomachine:6.0.0
-
cpe:2.3:a:nomachine:nomachine:6.0.66
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:windows_10:1511
-
cpe:2.3:o:microsoft:windows_10:1607
-
cpe:2.3:o:microsoft:windows_10:1703
-
cpe:2.3:o:microsoft:windows_10:1709
-
cpe:2.3:o:microsoft:windows_10:1803
-
cpe:2.3:o:microsoft:windows_10:1809
-
cpe:2.3:o:microsoft:windows_10:1903
-
cpe:2.3:o:microsoft:windows_10:1909
-
cpe:2.3:o:microsoft:windows_10:2004
-
cpe:2.3:o:microsoft:windows_10:2019
-
cpe:2.3:o:microsoft:windows_10:20h2
-
cpe:2.3:o:microsoft:windows_10:21h1
-
cpe:2.3:o:microsoft:windows_10:21h2
-
cpe:2.3:o:microsoft:windows_10:22h2
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_7:sp1
-
cpe:2.3:o:microsoft:windows_8:-
-
cpe:2.3:o:microsoft:windows_8:consumer_preview