Details of VAR-201808-0182

ID

VAR-201808-0182

CVE

CVE-2018-10514

TITLE

Trend Micro Security 2018 Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-009504

DESCRIPTION

A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Trend Micro Security 2018 (Consumer) The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The service does not properly impersonate the client before executing sensitive operations. An attacker can leverage this vulnerability to escalate privileges to SYSTEM

Trust: 2.25

sources: NVD: CVE-2018-10514 // JVNDB: JVNDB-2018-009504 // ZDI: ZDI-18-962

AFFECTED PRODUCTS

vendor:	trend micro	model:	maximum security	scope:	-	version:	-	Trust: 1.5
vendor:	trendmicro	model:	maximum security	scope:	lte	version:	12.0	Trust: 1.0
vendor:	trendmicro	model:	internet security	scope:	lte	version:	12.0	Trust: 1.0
vendor:	trendmicro	model:	premium security	scope:	lte	version:	12.0	Trust: 1.0
vendor:	trendmicro	model:	antivirus \+ security	scope:	lte	version:	12.0	Trust: 1.0
vendor:	trend micro	model:	antivirus + security	scope:	-	version:	-	Trust: 0.8
vendor:	trend micro	model:	internet security	scope:	-	version:	-	Trust: 0.8
vendor:	trend micro	model:	premium security	scope:	-	version:	-	Trust: 0.8
vendor:	trendmicro	model:	internet security	scope:	eq	version:	12.0	Trust: 0.6
vendor:	trendmicro	model:	antivirus \+ security	scope:	eq	version:	12.0	Trust: 0.6
vendor:	trendmicro	model:	premium security	scope:	eq	version:	12.0	Trust: 0.6
vendor:	trendmicro	model:	maximum security	scope:	eq	version:	12.0	Trust: 0.6

sources: ZDI: ZDI-18-962 // JVNDB: JVNDB-2018-009504 // CNNVD: CNNVD-201808-966 // NVD: CVE-2018-10514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-10514
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-10514
value:	HIGH
Trust: 0.8
ZDI:	CVE-2018-10514
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201808-966
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2018-10514
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.5

nvd@nist.gov:	CVE-2018-10514
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-18-962 // JVNDB: JVNDB-2018-009504 // CNNVD: CNNVD-201808-966 // NVD: CVE-2018-10514

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2018-009504 // NVD: CVE-2018-10514

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201808-966

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201808-966

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009504

PATCH

title:	1120742	url:	https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx	Trust: 1.5
title:	Multiple Trend Micro Product Privilege License and Access Control Vulnerability Fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84382	Trust: 0.6

sources: ZDI: ZDI-18-962 // JVNDB: JVNDB-2018-009504 // CNNVD: CNNVD-201808-966

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10514	Trust: 3.1
db:	ZDI	id:	ZDI-18-962	Trust: 2.3
db:	JVNDB	id:	JVNDB-2018-009504	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6103	Trust: 0.7
db:	CNNVD	id:	CNNVD-201808-966	Trust: 0.6

sources: ZDI: ZDI-18-962 // JVNDB: JVNDB-2018-009504 // CNNVD: CNNVD-201808-966 // NVD: CVE-2018-10514

REFERENCES

url:	https://esupport.trendmicro.com/en-us/home/pages/technical-support/1120742.aspx	Trust: 2.3
url:	https://www.zerodayinitiative.com/advisories/zdi-18-962/	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10514	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10514	Trust: 0.8

sources: ZDI: ZDI-18-962 // JVNDB: JVNDB-2018-009504 // CNNVD: CNNVD-201808-966 // NVD: CVE-2018-10514

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-18-962

SOURCES

db:	ZDI	id:	ZDI-18-962
db:	JVNDB	id:	JVNDB-2018-009504
db:	CNNVD	id:	CNNVD-201808-966
db:	NVD	id:	CVE-2018-10514

LAST UPDATE DATE

2024-08-14T15:13:02.807000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-962	date:	2018-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2018-009504	date:	2018-11-20T00:00:00
db:	CNNVD	id:	CNNVD-201808-966	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-10514	date:	2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-962	date:	2018-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2018-009504	date:	2018-11-20T00:00:00
db:	CNNVD	id:	CNNVD-201808-966	date:	2018-08-31T00:00:00
db:	NVD	id:	CVE-2018-10514	date:	2018-08-30T19:29:00.713