Vulnerability Details : CVE-2018-16183
An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
Vulnerability category: Execute code
Products affected by CVE-2018-16183
- cpe:2.3:a:panasonic:system_interface_device_0021:-:*:*:*:*:*:*:*
- cpe:2.3:a:panasonic:system_interface_device_0040:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-16183
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-16183
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-16183
-
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-16183
-
https://jvn.jp/en/jp/JVN36895151/index.html
JVN#36895151: Panasonic applications register unquoted service pathsThird Party Advisory
-
https://pc-dl.panasonic.co.jp/dl/docs/077770
Download No.077770 <b>Remediate Service Path Vulnerability Utility</b> (V1.00L10 M02) Panasonic PC in which Windows 10, Windows 8.1, Windows 8 and Windows 7 are pre-installed| Panasonic PC SupportVendor Advisory
Jump to