CVE-2018-19666

HIGH

OSSEC < 3.1.0 - Path Traversal to Local Privilege Escalation

Title source: llm
STIX 2.1

Description

The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/ossec/ossec-hids/issues/1585

Scores

CVSS v3 7.8
EPSS 0.0078
EPSS Percentile 51.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (2)
ossec/ossec < 3.1.0
wazuh/wazuh 1.0.0 - 2.1.1
Published Nov 29, 2018
Tracked Since Feb 18, 2026