Description Preview
360 Total Security 3.5.0.1033 is affected by a security issue that allows a Sandbox Escape via specific commands executed within a .py file. The issue involves the use of an "import os" statement followed by potentially malicious commands like os.system("CMD") or os.system("PowerShell"). Although the vendor disputes categorizing this as a vulnerability, it is considered a security-related issue.
Overview
This CVE describes a security-related problem in 360 Total Security 3.5.0.1033 that enables a Sandbox Escape through the execution of certain commands within a Python file. The issue involves the use of the "import os" statement followed by potentially harmful commands like os.system("CMD") or os.system("PowerShell").
Remediation
As the vendor disputes categorizing this issue as a vulnerability, there may not be an official patch or fix provided. However, users and administrators are advised to exercise caution when running untrusted Python scripts or files within the 360 Total Security environment. It is recommended to review and validate the contents of Python files for any potentially malicious commands before execution.
References
- CVE-2018-18603: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18603
- Exploit Details: https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- ConstructionConstruction
- Educational ServicesEducational Services
- Finance and InsuranceFinance and Insurance
- Health Care & Social AssistanceHealth Care & Social Assistance
- InformationInformation
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- ManufacturingManufacturing
- MiningMining
- Other Services (except Public Administration)Other Services (except Public Administration)
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- Public AdministrationPublic Administration
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Retail TradeRetail Trade
- Transportation & WarehousingTransportation & Warehousing
- UtilitiesUtilities
- Wholesale TradeWholesale Trade
