CVE-2018-18552 - OpenCVE

ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Serverscheck	Monitoring Software

Configuration 1 [-]

cpe:2.3:a:serverscheck:monitoring_software:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt
http://packetstormsecurity.com/files/149907/ServersCheck-Monitoring-Software-14.3.3-Arbitrary-File-Write-DoS.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-10-24T22:00:00

Updated: 2024-08-05T11:15:59.867Z

Reserved: 2018-10-21T00:00:00

Link: CVE-2018-18552

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-10-24T22:29:01.387

Modified: 2018-12-06T20:19:55.467

Link: CVE-2018-18552

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-24T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/149907/ServersCheck-Monitoring-Software-14.3.3-Arbitrary-File-Write-DoS.html"}, {"tags": ["x_refsource_MISC"], "url": "http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18552", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/149907/ServersCheck-Monitoring-Software-14.3.3-Arbitrary-File-Write-DoS.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/149907/ServersCheck-Monitoring-Software-14.3.3-Arbitrary-File-Write-DoS.html"}, {"name": "http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt", "refsource": "MISC", "url": "http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:15:59.867Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/149907/ServersCheck-Monitoring-Software-14.3.3-Arbitrary-File-Write-DoS.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18552", "datePublished": "2018-10-24T22:00:00", "dateReserved": "2018-10-21T00:00:00", "dateUpdated": "2024-08-05T11:15:59.867Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:serverscheck:monitoring_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DA22C48-4D23-49DF-AE00-283E2B5B3E5C", "versionEndIncluding": "14.3.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories."}, {"lang": "es", "value": "ServersCheck Monitoring Software hasta la versi\u00f3n 14.3.3 permite que usuarios locales provoquen una denegaci\u00f3n de servicio (p\u00e9rdida de funcionalidades del men\u00fa) creando un archivo LNK que se\u00f1ala hacia un segundo archivo LNK, si este segundo archivo est\u00e1 asociado a un men\u00fa Start. En \u00faltima instancia, este comportamiento se deriva de un error de salto de directorio (mediante el par\u00e1metro id en sensor_details.html) que permite la creaci\u00f3n de archivos vac\u00edos en directorios arbitrarios."}], "id": "CVE-2018-18552", "lastModified": "2018-12-06T20:19:55.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-24T22:29:01.387", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/149907/ServersCheck-Monitoring-Software-14.3.3-Arbitrary-File-Write-DoS.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}