// For flags

CVE-2018-5189

Jungo Windriver 12.5.1 - Local Privilege Escalation

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability.

Condición de carrera en Jungo Windriver 12.5.1 permite que usuarios locales provoquen una denegación de servicio (desbordamiento de búfer) u obtengan privilegios del sistema invirtiendo el tamaño del búfer de grupo. Esto también se conoce como vulnerabilidad "double fetch".

Jungo Windriver version 12.5.1 suffers from a privilege escalation vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-01-03 CVE Reserved
  • 2018-01-11 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Jungo
Search vendor "Jungo"
Windriver
Search vendor "Jungo" for product "Windriver"
< 12.6.0
Search vendor "Jungo" for product "Windriver" and version " < 12.6.0"
-
Affected