PT-2018-11177 · Corsair · Corsair Utility Engine
Therealjoedoran
·
Publicado
2018-10-11
·
Atualizado
2020-08-24
·
CVE-2018-12441
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Corsair Utility Engine (affected versions not specified)
Description
The issue is related to the CorsairService Service in Corsair Utility Engine, which has insecure default permissions. This allows unprivileged local users to execute arbitrary commands by modifying the
BINARY PATH NAME of the CorsairService, resulting in complete control of the affected system. The problem arises from the Windows "Everyone" group being granted SERVICE ALL ACCESS permissions to the CorsairService Service.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Incorrect Default Permissions
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Corsair Utility Engine