Lucene search

ZteCVELIST:CVE-2023-25648

HistoryDec 14, 2023 - 6:46 a.m.

CVE-2023-25648 Weak Folder Permission Vulnerability in ZTE ZXCLOUD iRAI

2023-12-1406:46:39

CWE-732

zte

www.cve.org

cve-2023-25648

weak folder permission

zte zxcloud irai

dll

local privileges

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

0.0004 Low

EPSS

Percentile

5.2%

JSON

There is a weak folder permission vulnerability in ZTE’s ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "ZXCLOUD iRAI",
    "vendor": "ZTE",
    "versions": [
      {
        "lessThanOrEqual": "V7.23.20",
        "status": "affected",
        "version": "All versions up to V7.23.20",
        "versionType": "V7.23.20"
      }
    ]
  }
]

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032584

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVELIST:CVE-2023-25648