ID

VAR-201808-0182


CVE

CVE-2018-10514


TITLE

Trend Micro Security 2018 Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-009504

DESCRIPTION

A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Trend Micro Security 2018 (Consumer) The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The service does not properly impersonate the client before executing sensitive operations. An attacker can leverage this vulnerability to escalate privileges to SYSTEM

Trust: 2.25

sources: NVD: CVE-2018-10514 // JVNDB: JVNDB-2018-009504 // ZDI: ZDI-18-962

AFFECTED PRODUCTS

vendor:trend micromodel:maximum securityscope: - version: -

Trust: 1.5

vendor:trendmicromodel:maximum securityscope:lteversion:12.0

Trust: 1.0

vendor:trendmicromodel:internet securityscope:lteversion:12.0

Trust: 1.0

vendor:trendmicromodel:premium securityscope:lteversion:12.0

Trust: 1.0

vendor:trendmicromodel:antivirus \+ securityscope:lteversion:12.0

Trust: 1.0

vendor:trend micromodel:antivirus + securityscope: - version: -

Trust: 0.8

vendor:trend micromodel:internet securityscope: - version: -

Trust: 0.8

vendor:trend micromodel:premium securityscope: - version: -

Trust: 0.8

vendor:trendmicromodel:internet securityscope:eqversion:12.0

Trust: 0.6

vendor:trendmicromodel:antivirus \+ securityscope:eqversion:12.0

Trust: 0.6

vendor:trendmicromodel:premium securityscope:eqversion:12.0

Trust: 0.6

vendor:trendmicromodel:maximum securityscope:eqversion:12.0

Trust: 0.6

sources: ZDI: ZDI-18-962 // JVNDB: JVNDB-2018-009504 // CNNVD: CNNVD-201808-966 // NVD: CVE-2018-10514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10514
value: HIGH

Trust: 1.0

NVD: CVE-2018-10514
value: HIGH

Trust: 0.8

ZDI: CVE-2018-10514
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201808-966
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-10514
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

nvd@nist.gov: CVE-2018-10514
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-18-962 // JVNDB: JVNDB-2018-009504 // CNNVD: CNNVD-201808-966 // NVD: CVE-2018-10514

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-009504 // NVD: CVE-2018-10514

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201808-966

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201808-966

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009504

PATCH

title:1120742url:https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx

Trust: 1.5

title:Multiple Trend Micro Product Privilege License and Access Control Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84382

Trust: 0.6

sources: ZDI: ZDI-18-962 // JVNDB: JVNDB-2018-009504 // CNNVD: CNNVD-201808-966

EXTERNAL IDS

db:NVDid:CVE-2018-10514

Trust: 3.1

db:ZDIid:ZDI-18-962

Trust: 2.3

db:JVNDBid:JVNDB-2018-009504

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-6103

Trust: 0.7

db:CNNVDid:CNNVD-201808-966

Trust: 0.6

sources: ZDI: ZDI-18-962 // JVNDB: JVNDB-2018-009504 // CNNVD: CNNVD-201808-966 // NVD: CVE-2018-10514

REFERENCES

url:https://esupport.trendmicro.com/en-us/home/pages/technical-support/1120742.aspx

Trust: 2.3

url:https://www.zerodayinitiative.com/advisories/zdi-18-962/

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10514

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-10514

Trust: 0.8

sources: ZDI: ZDI-18-962 // JVNDB: JVNDB-2018-009504 // CNNVD: CNNVD-201808-966 // NVD: CVE-2018-10514

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-18-962

SOURCES

db:ZDIid:ZDI-18-962
db:JVNDBid:JVNDB-2018-009504
db:CNNVDid:CNNVD-201808-966
db:NVDid:CVE-2018-10514

LAST UPDATE DATE

2024-08-14T15:13:02.807000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-18-962date:2018-08-30T00:00:00
db:JVNDBid:JVNDB-2018-009504date:2018-11-20T00:00:00
db:CNNVDid:CNNVD-201808-966date:2019-10-23T00:00:00
db:NVDid:CVE-2018-10514date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:ZDIid:ZDI-18-962date:2018-08-30T00:00:00
db:JVNDBid:JVNDB-2018-009504date:2018-11-20T00:00:00
db:CNNVDid:CNNVD-201808-966date:2018-08-31T00:00:00
db:NVDid:CVE-2018-10514date:2018-08-30T19:29:00.713