CVE-2023-22947

Published: 2023-01-11 02:15:11
Source: mitre
Reference: web.nvd.nist.gov
Weakness: CWE-427

Tags: shibboleth, sp, 3.4.1, windows, installation, local privilege escalation, dll planting, cve-2023-22947

CVSS3: 7.3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.1
Confidence: High
EPSS: 0
Percentile: 5.1%

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable’s folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that “We consider the ACLs a best effort thing” and “it was a documentation mistake.”
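The folder-permission condition the description refers to can be checked directly on a host. The PowerShell script below is an added example and is not code from the advisory, the vendor or NVD. It assumes the SP was installed under C:\opt\shibboleth-sp (the directory name under C:\opt is an assumption; pass your own path) and walks from that folder up to the drive root, reporting any Allow entry that grants a broad, non-administrative group write-type rights. Walking the parents matters because a folder created directly under C:\ inherits the drive root's default ACL, which is what separates a C:\opt install from one under C:\Program Files. With -Fix it uses icacls to replace the inherited entries with a Program Files-style ACL on the install folder.

```powershell
# Added example (not from the advisory or the Shibboleth project): audit the
# ACLs of a service installation folder, and every parent up to the drive root,
# for "Allow" entries that give broad principals write-type rights. Write access
# anywhere on that chain is what lets a local user plant a DLL next to a service
# executable that runs as SYSTEM.
# The directory name under C:\opt is an assumption; pass your real path.
param(
    [string]$InstallPath = 'C:\opt\shibboleth-sp',  # assumed directory name
    [switch]$Fix                                     # apply Program Files-style ACL
)

# Principals that should never hold write rights on a service binary folder.
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets a caller create, replace or remove files in the folder.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
             [System.Security.AccessControl.FileSystemRights]::CreateDirectories -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl

# Returns the path and each of its parents up to the drive root,
# e.g. C:\opt\shibboleth-sp, C:\opt, C:\
function Get-PathChain {
    param([string]$Path)
    $chain = @()
    $current = $Path
    while ($current) {
        $chain += $current
        $parent = Split-Path -Path $current -Parent
        if (-not $parent -or $parent -eq $current) { break }
        $current = $parent
    }
    return $chain
}

# Returns one object per risky ACE on a single folder; nothing when it is clean.
function Test-ServiceFolderAcl {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Path not found: $Path"
        return @()
    }
    $acl = Get-Acl -LiteralPath $Path
    $findings = @()
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        $findings += [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
    return $findings
}

$results = foreach ($dir in (Get-PathChain -Path $InstallPath)) {
    Test-ServiceFolderAcl -Path $dir
}

if (-not $results) {
    Write-Output "No broad write ACEs found on $InstallPath or its parents."
} elseif ($Fix) {
    # Remediation: drop inherited ACEs and apply the Program Files defaults
    # (SYSTEM and Administrators full control, Users read and execute).
    # Run elevated; this only touches $InstallPath, not its parents.
    icacls $InstallPath /inheritance:r /grant:r `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
        'BUILTIN\Administrators:(OI)(CI)F' `
        'BUILTIN\Users:(OI)(CI)RX'
    Write-Output "ACL reset on $InstallPath; re-run without -Fix to confirm."
} else {
    $results | Format-Table -AutoSize
}
```

Save it under any name (for instance Check-SpFolderAcl.ps1, a hypothetical file name) and run it from an elevated prompt with -InstallPath pointing at the real install directory. A clean result on the folder but a finding on C:\opt itself still matters, since a writable parent allows the service directory to be renamed or replaced; upgrading to 3.4.1 or reinstalling under C:\Program Files removes the dependence on the drive root's inherited ACL.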

Affected configurations

NVD node: microsoft windows (match: -) AND shibboleth service_provider (range: < 3.4.1)

Vendor      Product           Version   CPE
microsoft   windows           -         cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
shibboleth  service_provider  *         cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:*
