CVE-2018-13140

HIGH

Druide Antidote 9 < 5.1 - Cleartext Transmission

Title source: rule

Description

Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.

Exploits (1)

github WORKING POC 4 stars

by tnpitsecurity · poc

https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2018-13140

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Sep/38

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html

Scores

CVSS v3 8.1

EPSS 0.0877

EPSS Percentile 92.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-319

Status published

Products (1)

druide/antidote_9 < 5.1

Published Sep 24, 2018

Tracked Since Feb 18, 2026