Vulnerability Description
Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Beyondtrust | Avecto Defendpoint | >= 4.0, < 4.4.267.0 |
Related Weaknesses (CWE)
References
- https://hackandpwn.com/assets/2019-04-17-cve-2018-10959/Defendpoint_Windows_Clie
- https://hackandpwn.com/assets/2019-04-17-cve-2018-10959/Defendpoint_Windows_Clie
- https://hackandpwn.com/cve-2018-10959/
- https://www.beyondtrust.com/docs/release-notes/privilege-management/windows-and-
- https://www.beyondtrust.com/docs/release-notes/privilege-management/windows-and-
FAQ
What is CVE-2018-10959?
CVE-2018-10959 is a vulnerability with a CVSS score of 7.5 (HIGH). Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's ...
How severe is CVE-2018-10959?
CVE-2018-10959 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-10959?
Check the references section above for vendor advisories and patch information. Affected products include: Beyondtrust Avecto Defendpoint.