Lucene search

IcscertCVELIST:CVE-2023-29152

HistoryJun 07, 2023 - 9:46 p.m.

CVE-2023-29152 PTC Vuforia Studio Improper Authorization

2023-06-0721:46:20

CWE-285

icscert

www.cve.org

cve-2023-29152

improper authorization

vuforia studio

file deletion

vuforia server account

CVSS3

6.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

By changing the filename parameter in the request, an attacker could
delete any file with the permissions of the Vuforia server account.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Vuforia Studio",
    "vendor": "PTC ",
    "versions": [
      {
        "lessThan": "9.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13

CVSS3

6.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Related for CVELIST:CVE-2023-29152