Lucene search

MitreCVE-2023-46047

HistoryMar 27, 2024 - 5:15 a.m.

CVE-2023-46047

2024-03-2705:15:47

CWE-20

mitre

web.nvd.nist.gov

sane 1.2.1

local attacker

arbitrary code

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

9.0%

JSON

An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.

References

seclists.org/fulldisclosure/2024/Jan/64

gitlab.com/sane-project/backends/-/issues/708

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-46047