1. Home
  2. CVE Database
  3. CVE-2018-16715
HIGH · 8.8

CVE-2018-16715

An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged u...

Vulnerability Description

An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AbsoluteCtes Windows Agent<= 1.0.0.1479

Related Weaknesses (CWE)

CWE-732

References

FAQ

What is CVE-2018-16715?

CVE-2018-16715 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged u...

How severe is CVE-2018-16715?

CVE-2018-16715 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-16715?

Check the references section above for vendor advisories and patch information. Affected products include: Absolute Ctes Windows Agent.