Vulnerabilities > CVE-2018-13101 - Unspecified vulnerability in Redswimmer Kiosksimple 1.4.7.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

redswimmer

critical

NVD

Published: 2018-07-03

Updated: 2024-11-21

Summary

KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries.

Vulnerable Configurations

Part	Description	Count
Application	Redswimmer Redswimmer Kiosksimple 1.4.7.0	1

References

https://github.com/VerSprite/research/blob/master/advisories/VS-2018-026.md
https://github.com/VerSprite/research/blob/master/advisories/VS-2018-026.md