Nov 30, 2023 - 2:15 p.m.

CVE-2023-4770

2023-11-30 14:15:11
CWE-427
web.nvd.nist.gov
cve-2023-4770
vulnerability
dll hijacking
arbitrary code execution
4d
4d server
windows executables

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 23.1%

An uncontrolled search path element vulnerability has been found in the 4D and 4D Server Windows executables, affecting version 19 R8 100218. The vulnerability allows DLL hijacking: replacing the x64 shfolder.dll in the installation path causes arbitrary code execution.

Affected configurations

Node
4d 4d Range 19 R8 100218
OR
4d 4d Range 19 R8 100218

Vendor | Product | Version | CPE
4d | 4d | * | cpe:2.3:a:4d:4d:*:*:*:*:*:*:*:*
4d | 4d | * | cpe:2.3:a:4d:4d:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "4D.exe",
    "vendor": "4D",
    "versions": [
      {
        "status": "affected",
        "version": "19 R8 100218"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "4D Server.exe",
    "vendor": "4D",
    "versions": [
      {
        "status": "affected",
        "version": "19 R8 100218"
      }
    ]
  }
]
