Lucene search

[email protected]CVE-2023-26918

HistoryApr 14, 2023 - 12:15 a.m.

CVE-2023-26918

2023-04-1400:15:06

CWE-276

[email protected]

web.nvd.nist.gov

219

diasoft

file replication pro

privilege escalation

cve-2023-26918

security

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.

Affected configurations

NVD

Node

filereplicationprofile_replication_proMatch7.5.0

CPENameOperatorVersion
filereplicationpro:file_replication_profilereplicationpro file replication proeq7.5.0

CPE	Name	Operator	Version
filereplicationpro:file_replication_pro	filereplicationpro file replication pro	eq	7.5.0

References

packetstormsecurity.com/files/171879/File-Replication-Pro-7.5.0-Insecure-Permissions-Privilege-Escalation.html

www.filereplicationpro.com

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

Related for CVE-2023-26918

packetstorm1 nvd1 prion1 cvelist1 zdt1 exploitdb1