ID

VAR-201903-1172


CVE

CVE-2018-16207


TITLE

PowerAct Pro Master Agent for Windows fails to restrict access permissions

Trust: 0.8

sources: JVNDB: JVNDB-2019-000020

DESCRIPTION

PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors. PowerAct Pro Master Agent for Windows provided by OMRON SOCIAL SOLUTIONS Co.,Ltd. fails to restrict access permissions. Hosono, Akane reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A user with a Windows general user account may alter or edit a file which the user does not have permission to access.

Trust: 1.71

sources: NVD: CVE-2018-16207 // JVNDB: JVNDB-2019-000020 // VULHUB: VHN-126543

AFFECTED PRODUCTS

vendor: omron, model: poweract pro master agent, scope: lte, version: 5.13

Trust: 1.0

vendor: omron social, model: poweract pro master agent, scope: lte, version: for windows version 5.13

Trust: 0.8

sources: JVNDB: JVNDB-2019-000020 // NVD: CVE-2018-16207

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16207
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2019-000020
value: LOW

Trust: 0.8

CNNVD: CNNVD-201903-1063
value: MEDIUM

Trust: 0.6

VULHUB: VHN-126543
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-16207
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2019-000020
severity: LOW
baseScore: 1.7
vectorString: AV:L/AC:L/AU:S/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-126543
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16207
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

IPA: JVNDB-2019-000020
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-126543 // JVNDB: JVNDB-2019-000020 // CNNVD: CNNVD-201903-1063 // NVD: CVE-2018-16207

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

problemtype:CWE-284

Trust: 0.1

sources: VULHUB: VHN-126543 // JVNDB: JVNDB-2019-000020 // NVD: CVE-2018-16207

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1063

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201903-1063

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-000020

PATCH

title: Download, url: https://www.oss.omron.co.jp/ups/support/download/soft/poweractpro/master/poweractpro_master_windows.html

Trust: 0.8

title: Notification, url: https://www.oss.omron.co.jp/ups/info/topics/190326.html

Trust: 0.8

title: Omron OMRON PowerAct Pro Master Agent for Windows Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90481

Trust: 0.6

sources: JVNDB: JVNDB-2019-000020 // CNNVD: CNNVD-201903-1063

EXTERNAL IDS

db: NVD, id: CVE-2018-16207

Trust: 2.5

db: JVN, id: JVN63981842

Trust: 2.5

db: JVNDB, id: JVNDB-2019-000020

Trust: 0.8

db: CNNVD, id: CNNVD-201903-1063

Trust: 0.7

db: VULHUB, id: VHN-126543

Trust: 0.1

sources: VULHUB: VHN-126543 // JVNDB: JVNDB-2019-000020 // CNNVD: CNNVD-201903-1063 // NVD: CVE-2018-16207

REFERENCES

url:https://jvn.jp/en/jp/jvn63981842/index.html

Trust: 2.5

url:https://www.oss.omron.co.jp/ups/info/topics/190326.html

Trust: 1.7

url:https://www.oss.omron.co.jp/ups/support/download/soft/poweractpro/master/poweractpro_master_windows.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-16207

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16207

Trust: 0.8

sources: VULHUB: VHN-126543 // JVNDB: JVNDB-2019-000020 // CNNVD: CNNVD-201903-1063 // NVD: CVE-2018-16207

SOURCES

db: VULHUB, id: VHN-126543
db: JVNDB, id: JVNDB-2019-000020
db: CNNVD, id: CNNVD-201903-1063
db: NVD, id: CVE-2018-16207

LAST UPDATE DATE

2024-11-23T22:37:54.266000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-126543, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2019-000020, date: 2019-09-27T00:00:00
db: CNNVD, id: CNNVD-201903-1063, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-16207, date: 2024-11-21T03:52:17.583

SOURCES RELEASE DATE

db: VULHUB, id: VHN-126543, date: 2019-03-27T00:00:00
db: JVNDB, id: JVNDB-2019-000020, date: 2019-03-27T00:00:00
db: CNNVD, id: CNNVD-201903-1063, date: 2019-03-27T00:00:00
db: NVD, id: CVE-2018-16207, date: 2019-03-27T14:29:00.267