Vulnerabilities > CVE-2018-13101 - Unspecified vulnerability in Redswimmer Kiosksimple 1.4.7.0

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

redswimmer

critical

NVD

Published: 2018-07-03

Updated: 2019-10-03

Summary

KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries.

Vulnerable Configurations

Part	Description	Count
Application	Redswimmer Redswimmer Kiosksimple 1.4.7.0	1

References

https://github.com/VerSprite/research/blob/master/advisories/VS-2018-026.md