CVE-2018-18552

ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories.

Published : 2018-10-24 22:29 Updated : 2018-12-06 20:19

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Serverscheck Monitoring Software 14.3.3 cpe:/a:serverscheck:monitoring_software:14.3.3
  1. Serverscheck (1) Search CVE
    1. Monitoring Software (1) Search CVE
      1. 14.3.3

CWE

ID Name Description Links
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. CVE

History of changes