Lucene search

GoogleCVELIST:CVE-2023-3181

HistoryJan 25, 2024 - 3:22 p.m.

CVE-2023-3181 Insecure Permissions in Splashtop Software Updater

2024-01-2515:22:47

CWE-379

Google

www.cve.org

splashtop

software updater

permissions

insecure

execution

risk

dll hijacking

vulnerability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Splashtop Software Updater",
    "vendor": "Splashtop",
    "versions": [
      {
        "lessThan": "1.5.6.21",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0015.md

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-3181