Lucene search

[email protected]CVE-2023-34407

HistoryJun 05, 2023 - 2:15 a.m.

CVE-2023-34407

2023-06-0502:15:09

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-34407

offlineplayerservice.exe

harbinger offline player

directory traversal

localsystem

url

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.1%

JSON

OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via …\ in a URL.

Affected configurations

NVD

Node

harbingergroupoffice_playerMatch4.0.6.0.2

CPENameOperatorVersion
harbingergroup:office_playerharbingergroup office playereq4.0.6.0.2

CPE	Name	Operator	Version
harbingergroup:office_player	harbingergroup office player	eq	4.0.6.0.2

References

cybir.com/2023/cve/proof-of-concept-checkpoint-learning-harbinger-systems-offline-player-multiple-poc-for-cl-4-0-6-0-2-lfi-excessive-rights/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.1%

JSON

Related for CVE-2023-34407

cvelist1 prion1 nvd1