How severe is CVE-2018-15490?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2018-15490?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2018-15490

HIGH Year: 2018

CVSS v3 Score

7.1

High

CVSS v2 Score

6.6

Medium

Weakness Type

CWE-22

View all →

Vulnerability Description

An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal, and allow reading and writing files on the file system on behalf of the service.

CVE-2016-10330

HIGH

CVSS:7.1(High)

Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.

CWE-222016

CVE-2016-6896

HIGH

CVSS:7.1(High)

Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read ...

CWE-222016

CVE-2017-15309

HIGH

CVSS:7.1(High)

Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious fi...

CWE-222017

CVE-2017-2706

HIGH

CVSS:7.1(High)

Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are t...

CWE-222017

CVE-2017-5228

HIGH

CVSS:7.1(High)

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build o...

CWE-222017

CVE-2017-5229

HIGH

CVSS:7.1(High)

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted...

CWE-222017

CVE-2018-15490

Vulnerability Description

Related Vulnerabilities

CVE-2016-10330

CVE-2016-6896

CVE-2017-15309

CVE-2017-2706

CVE-2017-5228

CVE-2017-5229