cvedb.io
CVE-2018-13101
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-07-03T12:29:00.327 · Last modified 2026-06-17T01:38:51.227

Summary

KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries.

Affected products

redswimmer — kiosksimple

Does this affect you?

Add your gear to cvedb and we'll alert you only when redswimmer ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.