History: Apr 19, 2023 - 8:15 p.m.

CVE-2023-28123

2023-04-19 20:15:12
CWE-732
hackerone
web.nvd.nist.gov
21
ui desktop
windows
permission misconfiguration
vpn
hijack
credential
vulnerability
nvd

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.3
Confidence: High

EPSS: 0
Percentile: 9.0%

A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow a user to hijack VPN credentials while UID VPN is starting. This vulnerability is fixed in Version 0.62.3 and later.

Affected configurations

Node: ui desktop, range < 0.62.3.0, windows

Vendor: ui
Product: desktop
Version: *
CPE: cpe:2.3:a:ui:desktop:*:*:*:*:*:windows:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "UI Desktop for Windows",
    "versions": [
      {
        "version": "Fixed on Version 0.62.3 or later.",
        "status": "affected"
      }
    ]
  }
]
