CVE-2023-29838

Опубликовано: 22 мая 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file.

Ссылки

https://github.com/IthacaLabs/Botkind/blob/main/Botkind_SyncApp/WeakServicePermissions_InsecureServiceExecutable_CVE-2023-29838.txt
Third Party Advisory
https://github.com/IthacaLabs/Botkind/tree/main/Botkind_SyncApp
Exploit
https://github.com/IthacaLabs/Botkind/blob/main/Botkind_SyncApp/WeakServicePermissions_InsecureServiceExecutable_CVE-2023-29838.txt
Third Party Advisory
https://github.com/IthacaLabs/Botkind/tree/main/Botkind_SyncApp
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:allwaysync:allwaysync:19.0.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00032

Низкий

7.8 High

CVSS3

Дефекты

CWE-276

Связанные уязвимости

GHSA-cpqc-m5vg-2rph