CVE Vulnerability

CVE-2018-1234

RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://seclists.org/fulldisclosure/2018/Mar/60 Mailing List Third Party Advisory
http://www.securitytracker.com/id/1040577 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:rsa:authentication_agent_for_web:*:*:*:*:*:apache_web_server:*:*
cpe:2.3:a:rsa:authentication_agent_for_web:*:*:*:*:*:iis:*:*
Information

Published : 2018-03-30 09:29

Updated : 2018-04-20 02:13

NVD link : CVE-2018-1234

Mitre link : CVE-2018-1234

Products Affected

Authentication Agent For Web

Rsa

CWE
CWE-200