CVE-2018-18253
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases.
Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. CALRunElevated.exe intenta aplicar los controles de acceso añadiendo un usuario no privilegiado al grupo local de Administradores durante un período de tiempo muy corto para ejecutar un único comando. Sin embargo, el usuario se mantiene en dicho grupo si el comando tiene un fallo inesperado y, además, ocurre una condición de carrera en todos los casos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-10-11 CVE Reserved
- 2019-03-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://improsec.com/tech-blog/cam1 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Capmon Search vendor "Capmon" | Access Manager Search vendor "Capmon" for product "Access Manager" | <= 5.4.1.1005 Search vendor "Capmon" for product "Access Manager" and version " <= 5.4.1.1005" | - |
Affected
| ||||||