exploitDog

CVE-2023-22282

Опубликовано: 11 апр. 2023

Источник: nvd

CVSS3: 7.3

EPSS Низкий

Описание

WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.

Ссылки

https://jvn.jp/en/jp/JVN35246979/
Third Party Advisory
https://www.elecom.co.jp/news/security/20230324-01/
Vendor Advisory
https://jvn.jp/en/jp/JVN35246979/
Third Party Advisory
https://www.elecom.co.jp/news/security/20230324-01/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:elecom:wab-mat:*:*:*:*:*:*:*:*

Версия до 5.0.2.2 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00063

Низкий

7.3 High

CVSS3

Дефекты

CWE-428

CWE-428

Связанные уязвимости

GHSA-6f3c-6h7q-9v52

CVSS3: 7.3

github

почти 3 года назад

WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.

EPSS

Процентиль: 20%

0.00063

Низкий

7.3 High

CVSS3

Дефекты

CWE-428

CWE-428