Main Vulnerability Database Vulnerabilities #VU36930

Improper Privilege Management in freeSSHd - CVE-2018-9853

Published: July 10, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36930

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-9853

CWE-ID: CWE-269

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: freesshd.com

Affected software:
freeSSHd

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server.

How to mitigate CVE-2018-9853

Install update from vendor's website.

Sources

https://medium.com/@TheWindowsTwin/vulnerability-in-freesshd-5a0abc147d7a

Improper Privilege Management in freeSSHd - CVE-2018-9853

Detailed vulnerability description

How to mitigate CVE-2018-9853

Sources

Please verify you're human