PT-2018-19077 · None · Freesshd
Published: 2018-07-10 · Updated: 2019-10-03
CVE-2018-9853
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
freeSSHd version 1.3.1
Description
The issue is insecure access control: an attacker who logs in to an unprivileged account on the server can gain the privileges of the freesshd.exe process.
Recommendations
For freeSSHd version 1.3.1, consider restricting access to unprivileged accounts on the server until a fix is available. As a temporary workaround, review and limit the privileges assigned to the freesshd.exe process to minimize potential damage.
Exploit
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Freesshd