Lucene search

NozomiVULNRICHMENT:CVE-2023-5936

HistoryMay 15, 2024 - 4:04 p.m.

CVE-2023-5936 Unsafe temporary data privileges on Unix systems in Arc before v1.6.0

2024-05-1516:04:58

CWE-732

Nozomi

github.com

cve-2023-5936

unix systems

arc

temporary file

unsafe privileges

arbitrary code execution

root privileges

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.

By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "MacOS"
    ],
    "product": "Arc",
    "vendor": "Nozomi Networks",
    "versions": [
      {
        "lessThan": "1.6.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

security.nozominetworks.com/NN-2023:14-01

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

CVSS4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for VULNRICHMENT:CVE-2023-5936