Vulnerability Description
RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rsa | Authentication Agent For Web | <= 8.0.1 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/Mar/60Mailing ListThird Party Advisory
- http://www.securitytracker.com/id/1040577Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Mar/60Mailing ListThird Party Advisory
- http://www.securitytracker.com/id/1040577Third Party AdvisoryVDB Entry
FAQ
What is CVE-2018-1234?
CVE-2018-1234 is a vulnerability with a CVSS score of 5.5 (MEDIUM). RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by...
How severe is CVE-2018-1234?
CVE-2018-1234 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1234?
Check the references section above for vendor advisories and patch information. Affected products include: Rsa Authentication Agent For Web.