Lucene search

[email protected]NVD:CVE-2023-28080

HistoryMay 30, 2023 - 4:15 p.m.

CVE-2023-28080

2023-05-3016:15:09

CWE-427

[email protected]

web.nvd.nist.gov

powerpath

windows

dll hijacking

vulnerabilities

cve-2023-28080

escalate privileges

arbitrary code

nt authority\system

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

5.1%

JSON

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

Affected configurations

Nvd

Node

dellpowerpathMatch7.0windows

dellpowerpathMatch7.1windows

dellpowerpathMatch7.2windows

VendorProductVersionCPE
dellpowerpath7.0cpe:2.3:a:dell:powerpath:7.0:*:*:*:*:windows:*:*
dellpowerpath7.1cpe:2.3:a:dell:powerpath:7.1:*:*:*:*:windows:*:*
dellpowerpath7.2cpe:2.3:a:dell:powerpath:7.2:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
dell	powerpath	7.0	cpe:2.3:a:dell:powerpath:7.0:::::windows::
dell	powerpath	7.1	cpe:2.3:a:dell:powerpath:7.1:::::windows::
dell	powerpath	7.2	cpe:2.3:a:dell:powerpath:7.2:::::windows::

References

www.dell.com/support/kbdoc/en-us/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-28080

prion1 cvelist1 cve1