Lucene search

[email protected]NVD:CVE-2022-23748

HistoryNov 17, 2022 - 11:15 p.m.

CVE-2022-23748

2022-11-1723:15:14

CWE-114

CWE-426

[email protected]

web.nvd.nist.gov

mdnsresponder

dll sideloading

vulnerability

executable

malicious attacker

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.7%

JSON

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.

Affected configurations

Nvd

Node

audinatedante_application_libraryRange≤1.2.0

AND

microsoftwindowsMatch-

VendorProductVersionCPE
audinatedante_application_library*cpe:2.3:a:audinate:dante_application_library:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
audinate	dante_application_library	*	cpe:2.3:a:audinate:dante_application_library::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

cpr-zero.checkpoint.com/vulns/cprid-2193/%2C

www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.7%

JSON

Related for NVD:CVE-2022-23748

cve1 prion1 cvelist1