Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by thresholdsecurity
CVE-2018-17497 (GCVE-0-2018-17497)
Vulnerability from cvelistv5 – Published: 2019-03-19 19:47 – Updated: 2024-09-16 17:47
VLAI
EPSS
VEX
Summary
eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
Severity
CWE
- Gain Access
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VisitorPass | eVisitorPass |
Affected:
1.5.5.2
|
Date Public
2019-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "evisitorpass-cve201817497-default-account (149657)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eVisitorPass",
"vendor": "VisitorPass",
"versions": [
{
"status": "affected",
"version": "1.5.5.2"
}
]
}
],
"datePublic": "2019-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:H/AV:L/A:H/PR:N/UI:N/S:U/C:H/AC:L/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-19T19:47:41.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "evisitorpass-cve201817497-default-account (149657)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149657"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-17497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eVisitorPass",
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
}
}
]
},
"vendor_name": "VisitorPass"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "evisitorpass-cve201817497-default-account (149657)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149657"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-17497",
"datePublished": "2019-03-19T19:47:41.609Z",
"dateReserved": "2018-09-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:47:55.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17496 (GCVE-0-2018-17496)
Vulnerability from cvelistv5 – Published: 2019-03-19 19:47 – Updated: 2024-09-17 01:51
VLAI
EPSS
VEX
Summary
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system.
Severity
CWE
- Gain Privileges
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VisitorPass | eVisitorPass |
Affected:
1.5.5.2
|
Date Public
2019-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "evisitorpass-kiosk-cve201817496-priv-esc (149656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eVisitorPass",
"vendor": "VisitorPass",
"versions": [
{
"status": "affected",
"version": "1.5.5.2"
}
]
}
],
"datePublic": "2019-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/AC:L/I:H/A:H/PR:N/AV:L/S:U/UI:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-19T19:47:41.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "evisitorpass-kiosk-cve201817496-priv-esc (149656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149656"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-17496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eVisitorPass",
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
}
}
]
},
"vendor_name": "VisitorPass"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "evisitorpass-kiosk-cve201817496-priv-esc (149656)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149656"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-17496",
"datePublished": "2019-03-19T19:47:41.569Z",
"dateReserved": "2018-09-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:51:54.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17495 (GCVE-0-2018-17495)
Vulnerability from cvelistv5 – Published: 2019-03-19 19:47 – Updated: 2024-09-17 01:26
VLAI
EPSS
VEX
Summary
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt.
Severity
CWE
- Gain Privileges
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VisitorPass | eVisitorPass |
Affected:
1.5.5.2
|
Date Public
2019-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:05.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "evisitorpass-help-dialog-cve201817495-pri-esc (149655)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eVisitorPass",
"vendor": "VisitorPass",
"versions": [
{
"status": "affected",
"version": "1.5.5.2"
}
]
}
],
"datePublic": "2019-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/S:U/I:H/AV:L/A:H/PR:N/AC:L/C:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-19T19:47:41.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "evisitorpass-help-dialog-cve201817495-pri-esc (149655)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149655"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-17495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eVisitorPass",
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
}
}
]
},
"vendor_name": "VisitorPass"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "evisitorpass-help-dialog-cve201817495-pri-esc (149655)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149655"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-17495",
"datePublished": "2019-03-19T19:47:41.531Z",
"dateReserved": "2018-09-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:26:03.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17494 (GCVE-0-2018-17494)
Vulnerability from cvelistv5 – Published: 2019-03-19 19:47 – Updated: 2024-09-17 02:47
VLAI
EPSS
VEX
Summary
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system.
Severity
CWE
- Gain Privileges
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VisitorPass | eVisitorPass |
Affected:
1.5.5.2
|
Date Public
2019-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "evisitorpass-startmenu-cve201817494-priv-esc (149654)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149654"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eVisitorPass",
"vendor": "VisitorPass",
"versions": [
{
"status": "affected",
"version": "1.5.5.2"
}
]
}
],
"datePublic": "2019-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:H/AV:L/A:H/PR:N/UI:N/S:U/AC:L/C:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-19T19:47:41.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "evisitorpass-startmenu-cve201817494-priv-esc (149654)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149654"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-17494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eVisitorPass",
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
}
}
]
},
"vendor_name": "VisitorPass"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "evisitorpass-startmenu-cve201817494-priv-esc (149654)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149654"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-17494",
"datePublished": "2019-03-19T19:47:41.490Z",
"dateReserved": "2018-09-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:47:40.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17493 (GCVE-0-2018-17493)
Vulnerability from cvelistv5 – Published: 2019-03-19 19:47 – Updated: 2024-09-16 16:48
VLAI
EPSS
VEX
Summary
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system.
Severity
CWE
- Gain Privileges
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VisitorPass | eVisitorPass |
Affected:
1.5.5.2
|
Date Public
2019-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "evisitorpass-fullscreen-cve201817493-pri-esc (149653)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eVisitorPass",
"vendor": "VisitorPass",
"versions": [
{
"status": "affected",
"version": "1.5.5.2"
}
]
}
],
"datePublic": "2019-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/C:H/I:H/AV:L/A:H/PR:N/UI:N/S:U/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-19T19:47:41.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "evisitorpass-fullscreen-cve201817493-pri-esc (149653)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149653"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-17493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eVisitorPass",
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
}
}
]
},
"vendor_name": "VisitorPass"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "evisitorpass-fullscreen-cve201817493-pri-esc (149653)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-17493",
"datePublished": "2019-03-19T19:47:41.452Z",
"dateReserved": "2018-09-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:48:18.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17494 (GCVE-0-2018-17494)
Vulnerability from nvd – Published: 2019-03-19 19:47 – Updated: 2024-09-17 02:47
VLAI
EPSS
VEX
Summary
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system.
Severity
CWE
- Gain Privileges
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VisitorPass | eVisitorPass |
Affected:
1.5.5.2
|
Date Public
2019-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "evisitorpass-startmenu-cve201817494-priv-esc (149654)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149654"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eVisitorPass",
"vendor": "VisitorPass",
"versions": [
{
"status": "affected",
"version": "1.5.5.2"
}
]
}
],
"datePublic": "2019-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:H/AV:L/A:H/PR:N/UI:N/S:U/AC:L/C:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-19T19:47:41.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "evisitorpass-startmenu-cve201817494-priv-esc (149654)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149654"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-17494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eVisitorPass",
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
}
}
]
},
"vendor_name": "VisitorPass"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "evisitorpass-startmenu-cve201817494-priv-esc (149654)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149654"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-17494",
"datePublished": "2019-03-19T19:47:41.490Z",
"dateReserved": "2018-09-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:47:40.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17493 (GCVE-0-2018-17493)
Vulnerability from nvd – Published: 2019-03-19 19:47 – Updated: 2024-09-16 16:48
VLAI
EPSS
VEX
Summary
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system.
Severity
CWE
- Gain Privileges
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VisitorPass | eVisitorPass |
Affected:
1.5.5.2
|
Date Public
2019-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "evisitorpass-fullscreen-cve201817493-pri-esc (149653)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eVisitorPass",
"vendor": "VisitorPass",
"versions": [
{
"status": "affected",
"version": "1.5.5.2"
}
]
}
],
"datePublic": "2019-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/C:H/I:H/AV:L/A:H/PR:N/UI:N/S:U/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-19T19:47:41.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "evisitorpass-fullscreen-cve201817493-pri-esc (149653)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149653"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-17493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eVisitorPass",
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
}
}
]
},
"vendor_name": "VisitorPass"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "evisitorpass-fullscreen-cve201817493-pri-esc (149653)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-17493",
"datePublished": "2019-03-19T19:47:41.452Z",
"dateReserved": "2018-09-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:48:18.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17495 (GCVE-0-2018-17495)
Vulnerability from nvd – Published: 2019-03-19 19:47 – Updated: 2024-09-17 01:26
VLAI
EPSS
VEX
Summary
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt.
Severity
CWE
- Gain Privileges
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VisitorPass | eVisitorPass |
Affected:
1.5.5.2
|
Date Public
2019-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:05.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "evisitorpass-help-dialog-cve201817495-pri-esc (149655)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eVisitorPass",
"vendor": "VisitorPass",
"versions": [
{
"status": "affected",
"version": "1.5.5.2"
}
]
}
],
"datePublic": "2019-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/S:U/I:H/AV:L/A:H/PR:N/AC:L/C:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-19T19:47:41.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "evisitorpass-help-dialog-cve201817495-pri-esc (149655)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149655"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-17495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eVisitorPass",
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
}
}
]
},
"vendor_name": "VisitorPass"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "evisitorpass-help-dialog-cve201817495-pri-esc (149655)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149655"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-17495",
"datePublished": "2019-03-19T19:47:41.531Z",
"dateReserved": "2018-09-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:26:03.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17497 (GCVE-0-2018-17497)
Vulnerability from nvd – Published: 2019-03-19 19:47 – Updated: 2024-09-16 17:47
VLAI
EPSS
VEX
Summary
eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
Severity
CWE
- Gain Access
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VisitorPass | eVisitorPass |
Affected:
1.5.5.2
|
Date Public
2019-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "evisitorpass-cve201817497-default-account (149657)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eVisitorPass",
"vendor": "VisitorPass",
"versions": [
{
"status": "affected",
"version": "1.5.5.2"
}
]
}
],
"datePublic": "2019-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:H/AV:L/A:H/PR:N/UI:N/S:U/C:H/AC:L/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-19T19:47:41.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "evisitorpass-cve201817497-default-account (149657)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149657"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-17497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eVisitorPass",
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
}
}
]
},
"vendor_name": "VisitorPass"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "evisitorpass-cve201817497-default-account (149657)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149657"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-17497",
"datePublished": "2019-03-19T19:47:41.609Z",
"dateReserved": "2018-09-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:47:55.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17496 (GCVE-0-2018-17496)
Vulnerability from nvd – Published: 2019-03-19 19:47 – Updated: 2024-09-17 01:51
VLAI
EPSS
VEX
Summary
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system.
Severity
CWE
- Gain Privileges
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VisitorPass | eVisitorPass |
Affected:
1.5.5.2
|
Date Public
2019-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "evisitorpass-kiosk-cve201817496-priv-esc (149656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eVisitorPass",
"vendor": "VisitorPass",
"versions": [
{
"status": "affected",
"version": "1.5.5.2"
}
]
}
],
"datePublic": "2019-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/AC:L/I:H/A:H/PR:N/AV:L/S:U/UI:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-19T19:47:41.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "evisitorpass-kiosk-cve201817496-priv-esc (149656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149656"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-17496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eVisitorPass",
"version": {
"version_data": [
{
"version_value": "1.5.5.2"
}
]
}
}
]
},
"vendor_name": "VisitorPass"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "evisitorpass-kiosk-cve201817496-priv-esc (149656)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149656"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-17496",
"datePublished": "2019-03-19T19:47:41.569Z",
"dateReserved": "2018-09-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:51:54.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}