Lucene search

[email protected]CVE-2023-29166

HistorySep 06, 2023 - 2:15 a.m.

CVE-2023-29166

2023-09-0602:15:08

[email protected]

web.nvd.nist.gov

cve-2023-29166

logic issue

state management

elevation of privileges

pro video formats 2.2.5

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.8%

JSON

A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges.

Affected configurations

Vulners

NVD

Node

applepro_video_formatsRange<2.2

VendorProductVersionCPE
applepro_video_formats*cpe:2.3:a:apple:pro_video_formats:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	pro_video_formats	*	cpe:2.3:a:apple:pro_video_formats::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "Pro Video Formats",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "2.2",
        "versionType": "custom"
      }
    ]
  }
]

References

support.apple.com/en-us/HT213882

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.8%

JSON

Related for CVE-2023-29166

apple1 nvd1 prion1 cvelist1