Vulnerabilities > CVE-2018-12989 - Improper Preservation of Permissions vulnerability in Pearsonvue Console 8 and Iqsystem 7

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

pearsonvue

CWE-281

NVD

Published: 2018-08-03

Updated: 2019-10-03

Summary

The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Pearsonvue Pearsonvue Iqsystem 7 * Pearsonvue Console 8 *	2

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://computeco.de/2018-07-29_1.html
https://certiport.pearsonvue.com/Support/Console-system-updates