// For flags

CVE-2018-1234

 

Severity Score

5.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.

RSA Authentication Agent en versiones 8.0.1 y anteriores para Web para IIS se ve afectado por un problema en el que los permisos de la lista de control de acceso en un Named Pipe de Windows no son suficientes para evitar el acceso por parte de usuarios no autorizados. El atacante con acceso local al sistema puede explotar esta vulnerabilidad para leer las propiedades de configuraciĆ³n para el agente de autenticaciĆ³n.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-12-06 CVE Reserved
  • 2018-03-28 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
URL Tag Source
http://seclists.org/fulldisclosure/2018/Mar/60 Mailing List
http://www.securitytracker.com/id/1040577 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Rsa
Search vendor "Rsa"
 Authentication Agent For Web
Search vendor "Rsa" for product "Authentication Agent For Web"
 <= 8.0.1
Search vendor "Rsa" for product "Authentication Agent For Web" and version " <= 8.0.1"
apache_web_server
Affected
Rsa
Search vendor "Rsa"
 Authentication Agent For Web
Search vendor "Rsa" for product "Authentication Agent For Web"
 <= 8.0.1
Search vendor "Rsa" for product "Authentication Agent For Web" and version " <= 8.0.1"
iis
Affected