Improper Check for Dropped Privileges

CVE-2018-8599

High

7.8/10

Summary

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-273 - Improper Check for Dropped Privileges

The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

References

Advisory Timeline

Published Dec 12, 2018

Improper Check for Dropped Privileges

CVE-2018-8599

Summary

CWE-273 - Improper Check for Dropped Privileges

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS