CVE-2018-10604

SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
selincsel_compass
𝑥
≤ 3.0.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02
https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02