CVE-2018-10501: Path Traversal
First published: Mon Sep 24 2018(Updated: )
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5358.
Credit: zdi-disclosures@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Notes | <2.0.02.31 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-10501?
CVE-2018-10501 is a vulnerability that allows local attackers to escalate privileges on vulnerable installations of Samsung Notes.
What is the severity of CVE-2018-10501?
The severity of CVE-2018-10501 is high with a severity value of 7.
How does CVE-2018-10501 impact Samsung Notes?
CVE-2018-10501 allows local attackers to escalate privileges on affected versions of Samsung Notes.
How can CVE-2018-10501 be exploited?
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit CVE-2018-10501.
Is there a fix available for CVE-2018-10501?
Yes, CVE-2018-10501 has been fixed in version 2.0.02.31 of Samsung Notes.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/samsung
- canonical/samsung notes