Lucene search

HackeroneCVE-2023-28122

HistoryApr 19, 2023 - 8:15 p.m.

CVE-2023-28122

2023-04-1920:15:12

hackerone

web.nvd.nist.gov

cve-2023-28122

local privilege escalation

lpe

ui desktop

windows

version 0.59.1.71

security vulnerability

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

5.1%

JSON

A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later.

Affected configurations

Nvd

Vulners

Node

uidesktopRange<0.62.3.0windows

VendorProductVersionCPE
uidesktop*cpe:2.3:a:ui:desktop:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
ui	desktop	*	cpe:2.3:a:ui:desktop::::::windows::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "UI Desktop for Windows",
    "versions": [
      {
        "version": "Fixed on Version 0.62.3 or later.",
        "status": "affected"
      }
    ]
  }
]

References

community.ui.com/releases/Security-Advisory-Bulletin-029-029/a47c68f2-1f3a-47c3-b577-eb70599644e4

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-28122