PT-2019-8775 · Avecto · Avecto Defendpoint

Published

2019-04-17

Updated

2020-12-29

CVE-2018-10959

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Avecto Defendpoint versions 4 prior to 4.4 SR6 Avecto Defendpoint versions 5 prior to 5.1 SR1

Description The issue is related to an Untrusted Search Path, which can be exploited by modifying environment variables. This allows an attacker to trigger automatic elevation of their process launch.

Recommendations For Avecto Defendpoint version 4, update to version 4.4 SR6 or later. For Avecto Defendpoint version 5, update to version 5.1 SR1 or later.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2018-10959

Affected Products

Avecto Defendpoint

PT-2019-8775 · Avecto · Avecto Defendpoint

CVE-2018-10959

Weakness Enumeration

Related Identifiers

Affected Products

References · 8