Description
Sudo for Windows Spoofing Vulnerability
Mitigations
The following mitigating factors might be helpful in your situation:
If you do not need Sudo functionality in Windows, you can open developer settings and turn off Sudo. You could also switch it to the mode that launches applications in a new window.
FAQ
According to the CVSS metric, user interaction is required (UI:R) and privileges required are low (PR:L). What does that mean for this vulnerability?
An authenticated attacker must launch a specially crafted malicious application and wait for the victim to perform a command in a console window for the vulnerability to be exploited.
Updates
Product | Article | Update |
---|---|---|
Windows 11 Version 24H2 for ARM64-based Systems | | |
Windows 11 Version 24H2 for x64-based Systems | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
5.6 Medium
CVSS3
Related vulnerabilities
Vulnerability in the Sudo system administration utility of Windows operating systems that allows an attacker to conduct spoofing attacks
EPSS
5.6 Medium
CVSS3