Lucene search

MitreCVE-2023-24671

HistoryMar 16, 2023 - 12:15 p.m.

CVE-2023-24671

2023-03-1612:15:11

CWE-428

mitre

web.nvd.nist.gov

cve-2023-24671

vx search

unquoted service path

vulnerability

nvd

security

elevated privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file.

Affected configurations

Nvd

Node

vxsearchvx_searchMatch13.8

vxsearchvx_searchMatch14.7

AND

microsoftwindowsMatch-

VendorProductVersionCPE
vxsearchvx_search13.8cpe:2.3:a:vxsearch:vx_search:13.8:*:*:*:*:*:*:*
vxsearchvx_search14.7cpe:2.3:a:vxsearch:vx_search:14.7:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vxsearch	vx_search	13.8	cpe:2.3:a:vxsearch:vx_search:13.8:::::::*
vxsearch	vx_search	14.7	cpe:2.3:a:vxsearch:vx_search:14.7:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

medium.com/%40SumitVerma101/windows-privilege-escalation-part-1-unquoted-service-path-c7a011a8d8ae

packetstormsecurity.com/files/171300/VX-Search-13.8-Unquoted-Service-Path.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-24671