exploitDog

CVE-2023-49114

Опубликовано: 26 фев. 2024

Источник: nvd

CVSS3: 6.7

EPSS Низкий

Описание

A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.

Ссылки

http://seclists.org/fulldisclosure/2024/Mar/10
Exploit
Mailing List
Third Party Advisory
https://r.sec-consult.com/qognify
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/10
Exploit
Mailing List
Third Party Advisory
https://r.sec-consult.com/qognify
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hexagon:qognify_vms_client_viewer:*:*:*:*:*:*:*:*

Версия от 7.1 (включая)

EPSS

Процентиль: 17%

0.00055

Низкий

6.7 Medium

CVSS3

Дефекты

CWE-427

CWE-427

Связанные уязвимости

GHSA-m3q9-44rg-xw34

CVSS3: 6.7

github

почти 2 года назад

A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.

EPSS

Процентиль: 17%

0.00055

Низкий

6.7 Medium

CVSS3

Дефекты

CWE-427

CWE-427