CVE-2018-10604 - OpenCVE

SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Selinc	Sel Compass

Configuration 1 [-]

cpe:2.3:a:selinc:sel_compass:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-07-24T13:00:00Z

Updated: 2024-09-16T22:40:00.252Z

Reserved: 2018-05-01T00:00:00

Link: CVE-2018-10604

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-07-24T13:29:00.353

Modified: 2020-08-31T16:09:22.273

Link: CVE-2018-10604

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Compass", "vendor": "Schweitzer Engineering Laboratories, Inc.", "versions": [{"status": "affected", "version": "3.0.5.1 and prior"}]}], "datePublic": "2018-07-10T00:00:00", "descriptions": [{"lang": "en", "value": "SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "INCORRECT DEFAULT PERMISSIONS CWE-276", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-24T12:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-07-10T00:00:00", "ID": "CVE-2018-10604", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Compass", "version": {"version_data": [{"version_value": "3.0.5.1 and prior"}]}}]}, "vendor_name": "Schweitzer Engineering Laboratories, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "INCORRECT DEFAULT PERMISSIONS CWE-276"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:39:08.247Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10604", "datePublished": "2018-07-24T13:00:00Z", "dateReserved": "2018-05-01T00:00:00", "dateUpdated": "2024-09-16T22:40:00.252Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:selinc:sel_compass:*:*:*:*:*:*:*:*", "matchCriteriaId": "591FA579-C856-441E-A803-D4ACA222202C", "versionEndIncluding": "3.0.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution."}, {"lang": "es", "value": "SEL Compass, en versiones 3.0.5.1 y anteriores, otorga a todos los usuarios acceso total al directorio SEL Compass, lo que podr\u00eda permitir la modificaci\u00f3n o sobrescritura de archivos en la carpeta de instalaci\u00f3n de Compass. Esto podr\u00eda resultar en un escalado de privilegios y/o en la ejecuci\u00f3n de c\u00f3digo malicioso."}], "id": "CVE-2018-10604", "lastModified": "2020-08-31T16:09:22.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-24T13:29:00.353", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}