Lucene search

JpcertCVE-2024-41143

HistoryJul 29, 2024 - 9:15 a.m.

CVE-2024-41143

2024-07-2909:15:02

CWE-346

jpcert

web.nvd.nist.gov

vulnerability

skysea client view

origin validation error

system privilege

windows client

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.4%

JSON

Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product’s Windows client is installed.

Affected configurations

Nvd

Vulners

Node

skygroupskysea_client_viewRange3.013.00–19.210.04e

VendorProductVersionCPE
skygroupskysea_client_view*cpe:2.3:a:skygroup:skysea_client_view:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
skygroup	skysea_client_view	*	cpe:2.3:a:skygroup:skysea_client_view::::::::

CNA Affected

[
  {
    "vendor": "Sky Co.,LTD.",
    "product": "SKYSEA Client View",
    "versions": [
      {
        "version": "Ver.3.013.00 to Ver.19.210.04e",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN84326763/

www.skyseaclientview.net/news/240729_02/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.4%

JSON

Related for CVE-2024-41143