Lucene search

[email protected]CVE-2023-25648

HistoryDec 14, 2023 - 7:15 a.m.

CVE-2023-25648

2023-12-1407:15:07

CWE-732

[email protected]

web.nvd.nist.gov

zte

zxcloud

irai

vulnerability

weak folder permission

dll

local privileges

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

There is a weak folder permission vulnerability in ZTE’s ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.

Affected configurations

NVD

Node

ztezxcloud_iraiMatch-

AND

ztezxcloud_irai_firmwareRange<7.23.21

CPENameOperatorVersion
zte:zxcloud_irai_firmwarezte zxcloud irai firmwarelt7.23.21

CPE	Name	Operator	Version
zte:zxcloud_irai_firmware	zte zxcloud irai firmware	lt	7.23.21

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "ZXCLOUD iRAI",
    "vendor": "ZTE",
    "versions": [
      {
        "lessThanOrEqual": "V7.23.20",
        "status": "affected",
        "version": "All versions up to V7.23.20",
        "versionType": "V7.23.20"
      }
    ]
  }
]

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032584

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2023-25648

cvelist1 nvd1 prion1