CVE-2018-6947

HIGH

NoMachine < 6.0.66_2 - Local Privilege Escalation via Uninitialized Stack Variable in nxfuse

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-6947. PoCs published by Fidus InfoSecurity.

Description

An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.

Exploits (2)

exploitdb WORKING POC
by Fidus InfoSecurity · python · local · windows_x86-64
https://www.exploit-db.com/exploits/44168

This exploit targets CVE-2018-6947, a vulnerability in the nxfs driver, by manipulating uninitialized stack variables to achieve privilege escalation via a crafted IOCTL call. It maps memory regions, writes shellcode, and triggers the vulnerability to execute arbitrary code in kernel mode.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: nxfs driver (likely part of a specific software, exact version unclear)
No auth needed
Prerequisites: Access to the vulnerable driver · Ability to execute arbitrary code on the target system
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Fidus InfoSecurity · c · local · windows_x86
https://www.exploit-db.com/exploits/44167

This exploit targets a kernel driver vulnerability (CVE-2018-6947) to achieve local privilege escalation by manipulating memory via IOCTL calls and executing token-stealing shellcode.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: nxfs driver (unknown version)
No auth needed
Prerequisites: Local access to the system · Presence of vulnerable nxfs driver
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44168/
Vendor Advisory x_refsource_confirm
https://www.nomachine.com/SU02P00194
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44167/
Vendor Advisory x_refsource_confirm
https://www.nomachine.com/SU02P00195
Vendor Advisory x_refsource_confirm
https://www.nomachine.com/TR02P08408

Scores

CVSS v3 7.8
EPSS 0.0177
EPSS Percentile 83.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-665
Status: published
Products (4)
microsoft/windows_10
microsoft/windows_7
microsoft/windows_8
nomachine/nomachine < 6.0.66_2
Published Feb 28, 2018
Tracked Since Feb 18, 2026