CVE-2018-9853
CRITICALfreeSSHd 1.3.1 - Privilege Escalation via Unprivileged Account Login
Title source: llmDescription
Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://medium.com/%40TheWindowsTwin/vulnerability-in-freesshd-5a0abc147d7a
Scores
CVSS v3
9.8
EPSS
0.0129
EPSS Percentile
66.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
freesshd/freesshd
1.3.1
Published
Jul 10, 2018
Tracked Since
Feb 18, 2026