Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1234

RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.

Published

2018-03-30T21:29:01.807

Last Modified

2024-11-21T03:59:26.200

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rsa	authentication_agent_for_web	≤ 8.0.1	Yes
Application	rsa	authentication_agent_for_web	≤ 8.0.1	Yes

References

http://seclists.org/fulldisclosure/2018/Mar/60 Mailing List, Third Party Advisory ([email protected])
http://www.securitytracker.com/id/1040577 Third Party Advisory, VDB Entry ([email protected])
http://seclists.org/fulldisclosure/2018/Mar/60 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040577 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)