Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-w876-744c-hf5g

Опубликовано: 10 янв. 2024
Источник: github
Github: Не прошло ревью
CVSS3: 6.3

Описание

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.

Ссылки

EPSS

Процентиль: 8%
0.0003
Низкий

6.3 Medium

CVSS3

CVE ID

CVE-2023-29444

Дефекты

CWE-427

Связанные уязвимости

nvd логотип

CVE-2023-29444

CVSS3: 6.3
nvd
около 2 лет назад

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.

fstec логотип

BDU:2023-05847

CVSS3: 6.3
fstec
больше 2 лет назад

Уязвимость программного обеспечения OPC-серверов Kepware KEPServerEX и ThingWorkx Kepware Server, связанная с неконтролируемым элементом пути поиска, позволяющая нарушителю переупаковать установщик с произвольной библиотекой DLL

EPSS

Процентиль: 8%
0.0003
Низкий

6.3 Medium

CVSS3

CVE ID

CVE-2023-29444

Дефекты

CWE-427