Lucene search

[email protected]CVE-2023-38817

HistoryOct 11, 2023 - 7:15 p.m.

CVE-2023-38817

2023-10-1119:15:10

CWE-269

[email protected]

web.nvd.nist.gov

cve-2023-38817

inspect element ltd

echo.ac

privilege escalation

security vulnerability

nt authority\system

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor’s position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was “deactivated by Microsoft itself.”

Affected configurations

NVD

Node

echoanti_cheat_toolRange<5.2.1.0

CPENameOperatorVersion
echo:anti_cheat_toolecho anti cheat toollt5.2.1.0

CPE	Name	Operator	Version
echo:anti_cheat_tool	echo anti cheat tool	lt	5.2.1.0

References

ioctl.fail/echo-ac-writeup/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-38817

cvelist1 nvd2 prion1 cve1