Lucene search

DellCVELIST:CVE-2023-28080

HistoryMay 30, 2023 - 3:24 p.m.

CVE-2023-28080

2023-05-3015:24:49

CWE-427

dell

www.cve.org

powerpath

windows

dll hijacking

vulnerabilities

escalate privileges

execute arbitrary code

nt authority\system

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerPath Windows",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "7.0, 7.1 & 7.2"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-28080