Vulnerability Description
Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.
CVSS Score
8.1
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Druide | Antidote 9 | <= 5.1 |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Sep/38ExploitMailing ListThird Party Advisory
- https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-exeExploitThird Party Advisory
- http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Sep/38ExploitMailing ListThird Party Advisory
- https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-exeExploitThird Party Advisory
FAQ
What is CVE-2018-13140?
CVE-2018-13140 is a vulnerability with a CVSS score of 8.1 (HIGH). Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.
How severe is CVE-2018-13140?
CVE-2018-13140 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-13140?
Check the references section above for vendor advisories and patch information. Affected products include: Druide Antidote 9, Linux Linux Kernel, Microsoft Windows.