// For flags

CVE-2018-5354

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP.

El módulo GINA/CP personalizado en ANIXIS Password Reset Client antes de la versión 3.22, permite a atacantes remotos ejecutar código y escalar privilegios mediante una suplantación de identidad. Cuando el cliente está configurado para usar HTTP, no autentica el servidor deseado antes de abrir una ventana del navegador. Un atacante no autenticado capaz de llevar a cabo un ataque de suplantación de identidad puede redireccionar el navegador para que se ejecute en el contexto del proceso WinLogon.exe. Si no se aplica la autenticación a nivel de red, la vulnerabilidad puede ser explotada mediante RDP

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-01-12 CVE Reserved
  • 2020-09-29 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-290: Authentication Bypass by Spoofing
CAPEC
References (2)
URL Tag Source
URL Date SRC
https://github.com/missing0x00/CVE-2018-5354 2024-08-05
URL Date SRC
URL Date SRC
http://anixis.com 2020-10-20
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Anixis
Search vendor "Anixis"
 Password Reset Client
Search vendor "Anixis" for product "Password Reset Client"
 < 3.22
Search vendor "Anixis" for product "Password Reset Client" and version " < 3.22"
-
Affected