Overview

CVE-2018-6516 - PE client tools loading openssl.cnf from an insecure location

  • Posted June 7, 2018

  • Assessed Risk Level: High

  • CVSS 3 Base Score: 8.8

On Windows only, with a specifically crafted configuration file an attacker could get PE client tools to load arbitrary code with privilege escalation.

Status:

Affected software versions:

  • pe-client-tools 16.4.x prior to 16.4.6
  • pe-client-tools 17.3.x prior to 17.3.6
  • pe-client-tools 18.1.x prior to 18.1.2

Resolved in:

  • pe-client-tools 16.4.6
  • pe-client-tools 17.3.6
  • pe-client-tools 18.1.2