Lucene search

JpcertCVE-2023-22282

HistoryApr 11, 2023 - 9:15 a.m.

CVE-2023-22282

2023-04-1109:15:07

CWE-428

jpcert

web.nvd.nist.gov

cve

wab-mat

privilege escalation

unquoted file path

nvd

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.0%

JSON

WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.

Affected configurations

Nvd

Vulners

Node

microsoftwindowsMatch-

AND

elecomwab-matRange<5.0.2.2

VendorProductVersionCPE
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
elecomwab-mat*cpe:2.3:a:elecom:wab-mat:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
elecom	wab-mat	*	cpe:2.3:a:elecom:wab-mat::::::::

CNA Affected

[
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-MAT",
    "versions": [
      {
        "version": "Ver.5.0.0.8 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN35246979/

www.elecom.co.jp/news/security/20230324-01/

Social References

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-22282