CVE-2018-17305: High severity uipath orchestrator vulnerability
Published Apr 11, 2019
·Updated
UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution.
Affected Software
1 affected component
UiPath Orchestrator<=2018.2.4
Remediation
Event History
Apr 11, 2019
CVE Published
via MITRE·04:16 PM
Data Sourced
via MITRE·04:16 PM
Description
Frequently Asked Questions
1
What is the severity of CVE-2018-17305?
CVE-2018-17305 is categorized as a critical vulnerability due to its potential for privilege escalation and remote code execution.
2
How do I fix CVE-2018-17305?
To fix CVE-2018-17305, upgrade UiPath Orchestrator to version 2018.2.5 or later.
3
Who is affected by CVE-2018-17305?
Any authenticated user of UiPath Orchestrator versions up to 2018.2.4 is affected by CVE-2018-17305.
4
What type of attack can CVE-2018-17305 facilitate?
CVE-2018-17305 can facilitate a privilege escalation attack, allowing unauthorized changes to be made to user accounts.
5
Is CVE-2018-17305 a local or remote vulnerability?
CVE-2018-17305 can be exploited locally by authenticated users but can lead to remote code execution.