PT-2019-9565 · Capmon · Capmon Access Manager

Published

2019-03-15

Updated

2019-10-03

CVE-2018-18256

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CapMon Access Manager version 5.4.1.1005

Description A security issue allows a regular user to gain local administrator privileges by running any whitelisted application through the Custom App Launcher.

Recommendations For CapMon Access Manager version 5.4.1.1005, consider restricting access to the Custom App Launcher until a fix is available. As a temporary workaround, review and limit the list of whitelisted applications to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2018-18256

Affected Products

Capmon Access Manager

PT-2019-9565 · Capmon · Capmon Access Manager

CVE-2018-18256

Weakness Enumeration

Related Identifiers

Affected Products

References · 3