Vulnerabilities > CVE-2018-18603 - Unspecified vulnerability in 360Totalsecurity 360 Total Security 3.5.0.1033

CVSS 6.3 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

360totalsecurity

NVD

Published: 2018-10-23

Updated: 2024-08-05

Summary

360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue

Vulnerable Configurations

Part	Description	Count
Application	360Totalsecurity 360Totalsecurity 360 Total Security 3.5.0.1033	1

References

https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/
https://exchange.xforce.ibmcloud.com/vulnerabilities/151867