cbcvebase.
CVE-2018-1234
published 2018-03-30

CVE-2018-1234: RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe…

PriorityP428medium5.5CVSS 3.0
AVLACLPRLUINSUCHINAN
EPSS
0.46%
36.6th percentile
RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent.

Affected

2 ranges
VendorProductVersion rangeFixed in
dell_emcrsa_authentication_agent_for_web_for_iis
rsaauthentication_agent_for_web<= 8.0.1

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.