CVE-2023-32231

Опубликовано: 25 июл. 2023

Источник: nvd

CVSS3: 9.9

EPSS Низкий

Описание

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries gets executed out of a subfolder in C:\Windows\Temp. A standard user can create the folder and path file ahead of time and obtain elevated code execution.

Ссылки

https://docs.printercloud.com/1-Printerlogic/Release_Notes/Client_Release_Notes.htm
Release Notes
https://docs.printercloud.com/1-Printerlogic/Release_Notes/Security_Bulletin_CVE.htm
Release Notes
https://www.vasion.com/press-releases/printerlogic-rebrands
Broken Link
Vendor Advisory
https://docs.printercloud.com/1-Printerlogic/Release_Notes/Client_Release_Notes.htm
Release Notes
https://docs.printercloud.com/1-Printerlogic/Release_Notes/Security_Bulletin_CVE.htm
Release Notes
https://www.vasion.com/press-releases/printerlogic-rebrands
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vasion:printerlogic_client:*:*:*:*:*:windows:*:*

Версия до 25.0.0.818 (исключая)

EPSS

Процентиль: 69%

0.00612

Низкий

9.9 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-q4q2-256p-v9x5