Unquoted Windows Search Path Vulnerability in 10-Strike Network Monitor by 10-Strike
CVE-2018-6016

7.8HIGH

Key Information:

Vendor: 10-strike
Status: Network Monitor
Vendor: CVE Published:; 12 March 2018

What is CVE-2018-6016?

The unquoted Windows search path vulnerability found in the srvInventoryWebServer service of 10-Strike Network Monitor 5.4 allows local users to escalate their privileges through a maliciously crafted artefact. This flaw enables attackers to execute arbitrary code with elevated permissions, posing a significant security risk to affected systems. Proper management of service paths is crucial to mitigate such vulnerabilities.

References

http://seclists.org/fulldisclosure/2018/Mar/21

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2018
Vulnerability Reserved
Jan 22, 2018

CVE-2018-6016 Data

JSON

10-strike

What is CVE-2018-6016?

References

CVSS V3.1

Timeline