Vulnerability Details : CVE-2018-13101
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker-controlled binaries.
Vulnerability category: Gain privilege
Products affected by CVE-2018-13101
- cpe:2.3:a:redswimmer:kiosksimple:1.4.7.0:*:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-13101
- EPSS score: 0.36% (probability of exploitation activity in the next 30 days)
- Percentile: ~72% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-13101
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
References for CVE-2018-13101
- https://github.com/VerSprite/research/blob/master/advisories/VS-2018-026.md (research/VS-2018-026.md at master · VerSprite/research · GitHub; Third Party Advisory)