Lucene search

[email protected]NVD:CVE-2023-34641

HistoryJun 19, 2023 - 5:15 a.m.

CVE-2023-34641

2023-06-1905:15:09

[email protected]

web.nvd.nist.gov

kioware

windows 10

incomplete blacklist

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.

Affected configurations

Nvd

Node

kiowarekiowareRange≤8.33windows

VendorProductVersionCPE
kiowarekioware*cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
kioware	kioware	*	cpe:2.3:a:kioware:kioware::::::windows::*

References

github.com/huntergregal/CVE/tree/main/CVE-2023-34641

github.com/huntergregal/CVE/tree/main/TBD-KIOWARE-001

www.kioware.com/versionhistory.aspx?pid=15

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-34641

prion1 cvelist1 cve1