exploitDog

CVE-2023-45883

Опубликовано: 19 окт. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.

Ссылки

https://hackandpwn.com/disclosures/CVE-2023-45883.pdf
Third Party Advisory
https://www.vidyo.com/enterprise-video-management/qumu
Product
https://hackandpwn.com/disclosures/CVE-2023-45883.pdf
Third Party Advisory
https://www.vidyo.com/enterprise-video-management/qumu
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:enghouse:qumu:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.0.63 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00066

Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-269

Связанные уязвимости

GHSA-2fcg-hwv9-g767

CVSS3: 7.8

github

почти 2 года назад

A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.

EPSS

Процентиль: 21%

0.00066

Низкий

7.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-269