CVE-2018-12989
MEDIUMPearson VUE Certiport Console <2018-06-26 - Privilege Escalation
Title source: llmDescription
The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.
References (2)
Core 2
Core References
Mitigation, Third Party Advisory x_refsource_misc
https://computeco.de/2018-07-29_1.html
Vendor Advisory x_refsource_misc
https://certiport.pearsonvue.com/Support/Console-system-updates
Scores
CVSS v3
6.7
EPSS
0.0031
EPSS Percentile
22.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-281
Status
published
Products (2)
pearsonvue/console_8
< 2018-06-26
pearsonvue/iqsystem_7
< 2018-06-26
Published
Aug 03, 2018
Tracked Since
Feb 18, 2026