Privilege escalation in Carousel - CVE-2018-18931
Published: February 6, 2019
Vulnerability identifier: #VU17395
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-18931
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Tightrope
Affected software: Carousel
Detailed vulnerability description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The vulnerability exists due to arbitrary file upload. A remote attacker can make the SMB port available to remote systems, authenticate via SMB with Metasploit and gain full control over the system with administrator privileges.
How to mitigate CVE-2018-18931
A patch will be available on February 8.