Lucene search

NozomiCVE-2023-5936

HistoryMay 15, 2024 - 4:15 p.m.

CVE-2023-5936

2024-05-1516:15:09

CWE-732

Nozomi

web.nvd.nist.gov

unix systems

arc

temporary file

unsafe privileges

arbitrary code execution

root privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score

7.4

Confidence

Low

EPSS

Percentile

9.0%

JSON

On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.

By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "MacOS"
    ],
    "product": "Arc",
    "vendor": "Nozomi Networks",
    "versions": [
      {
        "lessThan": "1.6.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

security.nozominetworks.com/NN-2023:14-01

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score

7.4

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-5936