PT-2018-11136 · Rsa · Rsa Authentication Agent

Harrison Neal

Publicado

2018-03-30

Atualizado

2018-04-20

CVE-2018-1234

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions RSA Authentication Agent versions 8.0.1 and earlier for Web for IIS

Description The issue is related to insufficient access control list (ACL) permissions on a Windows Named Pipe, allowing unauthorized users with local system access to exploit it and read configuration properties for the authentication agent.

Recommendations For RSA Authentication Agent versions 8.0.1 and earlier for Web for IIS, update to a version that addresses the insufficient ACL permissions issue to prevent unauthorized access to configuration properties.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2018-1234

Produtos afetados

Rsa Authentication Agent

PT-2018-11136 · Rsa · Rsa Authentication Agent

CVE-2018-1234

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4