Privilege escalation in Webroot BrightCloud SDK - CVE-2018-4015

 


Published: December 26, 2018


Vulnerability identifier: #VU16713
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-4015
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Webroot Software, Inc.
Affected software: Webroot BrightCloud SDK

Detailed vulnerability description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The HTTP client's configuration does not enforce a secure connection by default, and in that case TLS certificates are not validated properly. A remote attacker can use man-in-the-middle techniques to impersonate a remote BrightCloud server and gain elevated privileges.


How to mitigate CVE-2018-4015

Install the update from the vendor's website.
