Strix
26.1K

CVE-2018-1000209

UnknownEPSS 1.22%

Last modified

CVE-2018-1000209 is a vulnerability of currently unknown severity. Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. EPSS estimates a 1.22% chance of exploitation in the next 30 days.

Description

Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place an arbitrary DLL in the c:\opt\sensu\embedded\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later.

Metrics

EPSS Probability
1.22%

64.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SensuSensu Core< 1.4.2-3

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-1000209?
Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place an arbitrary DLL in the c:\opt\sensu\embedded\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later.
How severe is CVE-2018-1000209?
Severity scoring for CVE-2018-1000209 is pending analysis. The EPSS model estimates a 1.22% probability of exploitation in the next 30 days.
How do I fix CVE-2018-1000209?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-1000209?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST