Lucene search

[email protected]NVD:CVE-2023-38817

HistoryOct 11, 2023 - 7:15 p.m.

CVE-2023-38817

2023-10-1119:15:10

CWE-269

[email protected]

web.nvd.nist.gov

cve-2023-38817

inspect element ltd

local attacker

gain privileges

crafted command

echo_driver.sys

vendor's position

user-mode applications

nt authority\system

microsoft

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor’s position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was “deactivated by Microsoft itself.”

Affected configurations

Nvd

Node

echoanti_cheat_toolRange<5.2.1.0

VendorProductVersionCPE
echoanti_cheat_tool*cpe:2.3:a:echo:anti_cheat_tool:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
echo	anti_cheat_tool	*	cpe:2.3:a:echo:anti_cheat_tool::::::::

References

ioctl.fail/echo-ac-writeup/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-38817

vulnrichment1 cvelist1 cve2 prion1 nvd1