Lucene search

GoogleOSV:CVE-2023-50446

HistoryDec 10, 2023 - 5:15 p.m.

CVE-2023-50446

2023-12-1017:15:07

Google

osv.dev

mullvad vpn

windows

permissions

escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

5.1%

JSON

An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM.

References

github.com/mullvad/mullvadvpn-app/pull/5398

github.com/mullvad/mullvadvpn-app/releases/tag/2023.6

github.com/mullvad/mullvadvpn-app/releases/tag/2023.6-beta1

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for OSV:CVE-2023-50446