ID

VAR-201901-0829


CVE

CVE-2018-16183


TITLE

Panasonic applications register unquoted service paths

Trust: 0.8

sources: JVNDB: JVNDB-2018-000123

DESCRIPTION

An unquoted search path vulnerability in some pre-installed applications on Panasonic PCs running Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), or Windows 10 (64bit), delivered in or after October 2009, allows local users to gain privileges via a Trojan horse executable file and execute arbitrary code with elevated privileges. Some pre-installed applications on Panasonic PCs register Windows services with unquoted file paths (CWE-428). Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Panasonic Corporation coordinated under the Information Security Early Warning Partnership. If a malicious executable is placed on a certain path, it may be executed with elevated privileges. Panasonic PC is a computer device from Matsushita Electric Industrial Co., Ltd. of Japan. An attacker could exploit the vulnerability to execute files with elevated privileges.

Trust: 2.16

sources: NVD: CVE-2018-16183 // JVNDB: JVNDB-2018-000123 // CNVD: CNVD-2018-24473

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-24473

AFFECTED PRODUCTS

vendor: panasonic, model: pc windows, scope: eq, version: 7

Trust: 1.2

vendor: panasonic, model: system interface device 0040, scope: eq, version: -

Trust: 1.0

vendor: panasonic, model: system interface device 0021, scope: eq, version: -

Trust: 1.0

vendor: panasonic, model: multiple computers, scope: -, version: -

Trust: 0.8

vendor: panasonic, model: pc windows, scope: eq, version: 8

Trust: 0.6

vendor: panasonic, model: pc windows, scope: eq, version: 8.1

Trust: 0.6

vendor: panasonic, model: pc windows, scope: eq, version: 10

Trust: 0.6

sources: CNVD: CNVD-2018-24473 // JVNDB: JVNDB-2018-000123 // NVD: CVE-2018-16183

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-16183
value: HIGH

Trust: 1.0

IPA: JVNDB-2018-000123
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-24473
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-917
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2018-16183
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2018-000123
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2018-24473
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2018-16183
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2018-000123
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-24473 // JVNDB: JVNDB-2018-000123 // CNNVD: CNNVD-201811-917 // NVD: CVE-2018-16183

PROBLEMTYPE DATA

problemtype: CWE-428

Trust: 1.0

problemtype: CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-000123 // NVD: CVE-2018-16183

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201811-917

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201811-917

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-000123

PATCH

title: Remediate Service Path Vulnerability Utility (V1.00L10 M02) Panasonic PC in which Windows 10, Windows 8.1, Windows 8 and Windows 7 are pre-installed
url: https://pc-dl.panasonic.co.jp/dl/docs/077770

Trust: 0.8

title: PanasonicPC registers patches for non-referenced service path vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/146105

Trust: 0.6

title: Panasonic PC Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87335

Trust: 0.6

sources: CNVD: CNVD-2018-24473 // JVNDB: JVNDB-2018-000123 // CNNVD: CNNVD-201811-917

EXTERNAL IDS

db: NVD, id: CVE-2018-16183

Trust: 3.0

db: JVN, id: JVN36895151

Trust: 2.4

db: JVNDB, id: JVNDB-2018-000123

Trust: 1.4

db: CNVD, id: CNVD-2018-24473

Trust: 0.6

db: CNNVD, id: CNNVD-201811-917

Trust: 0.6

sources: CNVD: CNVD-2018-24473 // JVNDB: JVNDB-2018-000123 // CNNVD: CNNVD-201811-917 // NVD: CVE-2018-16183

REFERENCES

url: https://jvn.jp/en/jp/jvn36895151/index.html

Trust: 2.4

url: https://pc-dl.panasonic.co.jp/dl/docs/077770

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16183

Trust: 0.8

url: https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000123.html

Trust: 0.6

sources: CNVD: CNVD-2018-24473 // JVNDB: JVNDB-2018-000123 // CNNVD: CNNVD-201811-917 // NVD: CVE-2018-16183

SOURCES

db: CNVD, id: CNVD-2018-24473
db: JVNDB, id: JVNDB-2018-000123
db: CNNVD, id: CNNVD-201811-917
db: NVD, id: CVE-2018-16183

LAST UPDATE DATE

2024-11-23T22:45:06.964000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-24473, date: 2018-12-04T00:00:00
db: JVNDB, id: JVNDB-2018-000123, date: 2019-09-27T00:00:00
db: CNNVD, id: CNNVD-201811-917, date: 2019-09-23T00:00:00
db: NVD, id: CVE-2018-16183, date: 2024-11-21T03:52:14.567

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-24473, date: 2018-12-04T00:00:00
db: JVNDB, id: JVNDB-2018-000123, date: 2018-11-29T00:00:00
db: CNNVD, id: CNNVD-201811-917, date: 2018-11-30T00:00:00
db: NVD, id: CVE-2018-16183, date: 2019-01-09T23:29:03.967