CVE-2018-6661 - OpenCVE

DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Mcafee	True Key

Configuration 1 [-]

AND

cpe:2.3:a:mcafee:true_key:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trellix

Published: 2018-03-31T00:00:00

Updated: 2018-04-02T12:57:01

Reserved: 2018-02-06T00:00:00

Link: CVE-2018-6661

JSON object: View

NVD Information

Status : Modified

Published: 2018-04-02T13:29:00.343

Modified: 2023-11-07T03:00:07.907

Link: CVE-2018-6661

JSON object: View

Redhat Information

No data.

CWE

CWE-426

{"containers": {"cna": {"affected": [{"product": "True Key", "vendor": "McAfee", "versions": [{"lessThan": "4.20.110", "status": "affected", "version": "4.20.110", "versionType": "custom"}]}], "datePublic": "2018-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "DLL Side-Loading vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-02T12:57:01", "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"}], "source": {"advisory": "TS102801", "discovery": "EXTERNAL"}, "title": "TS102801 True Key DLL Side-Loading vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mcafee.com", "DATE_PUBLIC": "2018-03-31T00:00:00.000Z", "ID": "CVE-2018-6661", "STATE": "PUBLIC", "TITLE": "TS102801 True Key DLL Side-Loading vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "True Key", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "4.20.110", "version_value": "4.20.110"}]}}]}, "vendor_name": "McAfee"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DLL Side-Loading vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801", "refsource": "CONFIRM", "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"}]}, "source": {"advisory": "TS102801", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "assignerShortName": "trellix", "cveId": "CVE-2018-6661", "datePublished": "2018-03-31T00:00:00", "dateReserved": "2018-02-06T00:00:00", "dateUpdated": "2018-04-02T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:true_key:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B0A84C1-01D0-43AA-BD57-A3AB6327A401", "versionEndIncluding": "4.20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature."}, {"lang": "es", "value": "Vulnerabilidad de carga lateral de DLL en Microsoft Windows Client en McAfee True Key en versiones anteriores a la 4.20.110 permite que los usuarios locales obtengan una elevaci\u00f3n de privilegios al no verificar la firma de un archivo DLL espec\u00edfico."}], "id": "CVE-2018-6661", "lastModified": "2023-11-07T03:00:07.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "trellixpsirt@trellix.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-02T13:29:00.343", "references": [{"source": "trellixpsirt@trellix.com", "url": "https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102801"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}]}