360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/151867 | Third Party Advisory |
https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/ | Third Party Advisory |
Configurations
History
07 Nov 2023, 02:55
Type | Values Removed | Values Added |
---|---|---|
Summary | 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue |
Information
Published : 2018-10-23 16:29
Updated : 2024-08-05 12:15
NVD link : CVE-2018-18603
Mitre link : CVE-2018-18603
CVE.ORG link : CVE-2018-18603
JSON object : View
Products Affected
360totalsecurity
- 360_total_security
CWE