{
  "id": "CVE-2018-18552",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2018-10-24T22:29:01.387",
  "lastModified": "2018-12-06T20:19:55.467",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories."
    },
    {
      "lang": "es",
      "value": "ServersCheck Monitoring Software hasta la versi\u00f3n 14.3.3 permite que usuarios locales provoquen una denegaci\u00f3n de servicio (p\u00e9rdida de funcionalidades del men\u00fa) creando un archivo LNK que se\u00f1ala hacia un segundo archivo LNK, si este segundo archivo est\u00e1 asociado a un men\u00fa Start. En \u00faltima instancia, este comportamiento se deriva de un error de salto de directorio (mediante el par\u00e1metro id en sensor_details.html) que permite la creaci\u00f3n de archivos vac\u00edos en directorios arbitrarios."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:serverscheck:monitoring_software:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "14.3.3",
              "matchCriteriaId": "6DA22C48-4D23-49DF-AE00-283E2B5B3E5C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "http://packetstormsecurity.com/files/149907/ServersCheck-Monitoring-Software-14.3.3-Arbitrary-File-Write-DoS.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}