CVE-2018-1234

EUVD-2018-11867
RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
rsaauthentication_agent_for_web
𝑥
≤ 8.0.1
rsaauthentication_agent_for_web
𝑥
≤ 8.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2018/Mar/60
http://www.securitytracker.com/id/1040577
http://seclists.org/fulldisclosure/2018/Mar/60
http://www.securitytracker.com/id/1040577