SB2018012424 - Multiple vulnerabilities in freesshd.com freeSSHd




Published: January 24, 2018
Updated: August 8, 2020

Security Bulletin ID: SB2018012424
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 50%, Low: 50%

Description

This security bulletin contains information about 2 vulnerabilities.


1) Improper Privilege Management (CVE-ID: CVE-2018-9853)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to log in to an unprivileged account on the server.


2) Unquoted Search Path or Element (CVE-ID: CVE-2017-1000475)

The vulnerability allows a local authenticated user to execute arbitrary code.

FreeSSHd version 1.3.1 is vulnerable to an unquoted service path, which allows local users to launch processes with elevated privileges.
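
One way to audit a host for the unquoted service path condition described in item 2, as an added example that is not from the bulletin or the vendor. The function name Test-UnquotedServicePath and the sample paths are hypothetical and constructed for illustration.

```powershell
# Added audit example (not vendor code): flag Windows services whose binary
# path is unquoted and contains a space before the end of the .exe name.
function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)

    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }   # quoted: parsed unambiguously

    # Executable portion = shortest prefix ending in ".exe" followed by
    # whitespace or end of string; anything after it is arguments.
    $m = [regex]::Match($p, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }      # e.g. kernel driver (.sys) paths

    return $m.Groups[1].Value.Contains(' ')
}

# Constructed sample values (not taken from any real host or from the bulletin).
$samples = @(
    'C:\Program Files\Example App\svc.exe',          # unquoted, space -> flagged
    '"C:\Program Files\Example App\svc.exe" -run',   # quoted -> ok
    'C:\Windows\System32\svchost.exe -k netsvcs',    # space only in arguments -> ok
    'C:\Tools\agent.exe'                             # no space -> ok
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# On a Windows host, run the same check over the installed services.
if ($IsWindows -or $env:OS -eq 'Windows_NT') {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
        Select-Object Name, StartName, StartMode, PathName
}
```

A service reported by the live query has a path that Windows must resolve by guessing where the executable name ends; enclosing the executable path in double quotes in the service configuration removes the ambiguity.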


Remediation

Install the update from the vendor's website.