Lucene search

SEC-VLabCVE-2023-49114

HistoryFeb 26, 2024 - 4:27 p.m.

CVE-2023-49114

2024-02-2616:27:47

CWE-427

SEC-VLab

web.nvd.nist.gov

3741

cve-2023-49114

dll hijacking

qognify

vms client viewer

vulnerability

local users

arbitrary code

higher privileges

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.0%

JSON

A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMS Client Viewer",
    "vendor": "Qognify",
    "versions": [
      {
        "status": "affected",
        "version": ">=7.1"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2024/Mar/10

r.sec-consult.com/qognify

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-49114