Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1988 vulnerabilities reference this CWE, most recent first.

CVE-2023-21542 (GCVE-0-2023-21542)

Vulnerability from cvelistv5 – Published: 2023-01-10 00:00 – Updated: 2025-01-01 00:35
VLAI
Title
Windows Installer Elevation of Privilege Vulnerability
Summary
Windows Installer Elevation of Privilege Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1507 Affected: 10.0.10240.0 , < 10.0.10240.19685 (custom)
Create a notification for this product.
Microsoft Windows 10 Version 1607 Affected: 10.0.14393.0 , < 10.0.14393.5648 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 Affected: 10.0.14393.0 , < 10.0.14393.5648 (custom)
Create a notification for this product.
Microsoft Windows Server 2016 (Server Core installation) Affected: 10.0.14393.0 , < 10.0.14393.5648 (custom)
Create a notification for this product.
Microsoft Windows 7 Affected: 6.1.0 , < 6.1.7601.26321 (custom)
Create a notification for this product.
Microsoft Windows 7 Service Pack 1 Affected: 6.1.0 , < 6.1.7601.26321 (custom)
Create a notification for this product.
Microsoft Windows 8.1 Affected: 6.3.0 , < 6.3.9600.20778 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.6003.0 , < 6.0.6003.21872 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) Affected: 6.0.6003.0 , < 6.0.6003.21872 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 Service Pack 2 Affected: 6.0.6003.0 , < 6.0.6003.21872 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 R2 Service Pack 1 Affected: 6.1.7601.0 , < 6.1.7601.26321 (custom)
Create a notification for this product.
Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation) Affected: 6.1.7601.0 , < 6.1.7601.26321 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 Affected: 6.2.9200.0 , < 6.2.9200.24075 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 (Server Core installation) Affected: 6.2.9200.0 , < 6.2.9200.24075 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 Affected: 6.3.9600.0 , < 6.3.9600.20778 (custom)
Create a notification for this product.
Microsoft Windows Server 2012 R2 (Server Core installation) Affected: 6.3.9600.0 , < 6.3.9600.20778 (custom)
Create a notification for this product.
Date Public
2023-01-10 08:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:44:01.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows Installer Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21542"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21542",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T18:45:11.244424Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T18:45:23.562Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.19685",
              "status": "affected",
              "version": "10.0.10240.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5648",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5648",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5648",
              "status": "affected",
              "version": "10.0.14393.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows 7",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26321",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 7 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26321",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20778",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.21872",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.21872",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008  Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.21872",
              "status": "affected",
              "version": "6.0.6003.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26321",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26321",
              "status": "affected",
              "version": "6.1.7601.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24075",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24075",
              "status": "affected",
              "version": "6.2.9200.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20778",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20778",
              "status": "affected",
              "version": "6.3.9600.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.10240.19685",
                  "versionStartIncluding": "10.0.10240.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.14393.5648",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.5648",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.5648",
                  "versionStartIncluding": "10.0.14393.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*",
                  "versionEndExcluding": "6.1.7601.26321",
                  "versionStartIncluding": "6.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26321",
                  "versionStartIncluding": "6.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "6.3.9600.20778",
                  "versionStartIncluding": "6.3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.0.6003.21872",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.0.6003.21872",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "6.0.6003.21872",
                  "versionStartIncluding": "6.0.6003.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26321",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.1.7601.26321",
                  "versionStartIncluding": "6.1.7601.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24075",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.2.9200.24075",
                  "versionStartIncluding": "6.2.9200.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.20778",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "6.3.9600.20778",
                  "versionStartIncluding": "6.3.9600.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-01-10T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows Installer Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T00:35:35.885Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Installer Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21542"
        }
      ],
      "title": "Windows Installer Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-21542",
    "datePublished": "2023-01-10T00:00:00.000Z",
    "dateReserved": "2022-12-01T00:00:00.000Z",
    "dateUpdated": "2025-01-01T00:35:35.885Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20008 (GCVE-0-2023-20008)

Vulnerability from cvelistv5 – Published: 2023-01-19 01:41 – Updated: 2024-08-02 08:57
VLAI
Summary
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco RoomOS Software Affected: RoomOS 10.3.2.0
Affected: RoomOS 10.3.4.0
Affected: RoomOS 10.8.2.5
Affected: RoomOS 10.11.5.2
Affected: RoomOS 10.8.4.0
Affected: RoomOS 10.11.3.0
Affected: RoomOS 10.15.3.0
Create a notification for this product.
Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.0.1
Affected: CE9.1.1
Affected: CE9.1.2
Affected: CE9.1.3
Affected: CE9.1.4
Affected: CE9.1.5
Affected: CE9.1.6
Affected: CE9.10.1
Affected: CE9.10.2
Affected: CE9.10.3
Affected: CE9.12.4
Affected: CE9.12.5
Affected: CE9.12.3
Affected: CE9.13.0
Affected: CE9.13.1
Affected: CE9.13.3
Affected: CE9.13.2
Affected: CE9.2.1
Affected: CE9.2.2
Affected: CE9.2.3
Affected: CE9.2.4
Affected: CE9.9.3
Affected: CE9.9.4
Affected: CE9.14.3
Affected: CE9.14.5
Affected: CE9.14.4
Affected: CE9.14.6
Affected: CE9.14.7
Affected: CE9.15.0.11
Affected: CE9.15.0.10
Affected: CE9.15.8.12
Affected: CE9.15.13.0
Affected: CE9.15.10.8
Affected: CE9.15.3.26
Affected: CE9.15.3.25
Affected: CE9.15.3.17
Affected: CE9.15.3.22
Affected: CE9.15.0.19
Affected: TC7.3.21
Affected: RoomOS 10.8.4.0
Affected: RoomOS 10.11.3.0
Affected: RoomOS 10.11.5.2
Affected: RoomOS 10.15.3.0
Affected: 9.15.3.25
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-roomos-dkjGFgRK",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco RoomOS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "RoomOS 10.3.2.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.3.4.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.8.2.5"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.11.5.2"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.8.4.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.11.3.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.15.3.0"
            }
          ]
        },
        {
          "product": "Cisco TelePresence Endpoint Software (TC/CE)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "CE9.0.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.2"
            },
            {
              "status": "affected",
              "version": "CE9.1.3"
            },
            {
              "status": "affected",
              "version": "CE9.1.4"
            },
            {
              "status": "affected",
              "version": "CE9.1.5"
            },
            {
              "status": "affected",
              "version": "CE9.1.6"
            },
            {
              "status": "affected",
              "version": "CE9.10.1"
            },
            {
              "status": "affected",
              "version": "CE9.10.2"
            },
            {
              "status": "affected",
              "version": "CE9.10.3"
            },
            {
              "status": "affected",
              "version": "CE9.12.4"
            },
            {
              "status": "affected",
              "version": "CE9.12.5"
            },
            {
              "status": "affected",
              "version": "CE9.12.3"
            },
            {
              "status": "affected",
              "version": "CE9.13.0"
            },
            {
              "status": "affected",
              "version": "CE9.13.1"
            },
            {
              "status": "affected",
              "version": "CE9.13.3"
            },
            {
              "status": "affected",
              "version": "CE9.13.2"
            },
            {
              "status": "affected",
              "version": "CE9.2.1"
            },
            {
              "status": "affected",
              "version": "CE9.2.2"
            },
            {
              "status": "affected",
              "version": "CE9.2.3"
            },
            {
              "status": "affected",
              "version": "CE9.2.4"
            },
            {
              "status": "affected",
              "version": "CE9.9.3"
            },
            {
              "status": "affected",
              "version": "CE9.9.4"
            },
            {
              "status": "affected",
              "version": "CE9.14.3"
            },
            {
              "status": "affected",
              "version": "CE9.14.5"
            },
            {
              "status": "affected",
              "version": "CE9.14.4"
            },
            {
              "status": "affected",
              "version": "CE9.14.6"
            },
            {
              "status": "affected",
              "version": "CE9.14.7"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.11"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.10"
            },
            {
              "status": "affected",
              "version": "CE9.15.8.12"
            },
            {
              "status": "affected",
              "version": "CE9.15.13.0"
            },
            {
              "status": "affected",
              "version": "CE9.15.10.8"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.26"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.25"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.17"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.22"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.19"
            },
            {
              "status": "affected",
              "version": "TC7.3.21"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.8.4.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.11.3.0"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.11.5.2"
            },
            {
              "status": "affected",
              "version": "RoomOS 10.15.3.0"
            },
            {
              "status": "affected",
              "version": "9.15.3.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device.\r\n\r This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:30.027Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-roomos-dkjGFgRK",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
        }
      ],
      "source": {
        "advisory": "cisco-sa-roomos-dkjGFgRK",
        "defects": [
          "CSCwc47201"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20008",
    "datePublished": "2023-01-19T01:41:03.629Z",
    "dateReserved": "2022-10-27T18:47:50.307Z",
    "dateUpdated": "2024-08-02T08:57:35.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20004 (GCVE-0-2023-20004)

Vulnerability from cvelistv5 – Published: 2024-11-15 15:23 – Updated: 2024-11-15 15:37
VLAI
Title
Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability
Summary
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account. Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco RoomOS Software Affected: N/A
Create a notification for this product.
Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.10.2
Affected: CE9.1.4
Affected: CE9.9.3
Affected: CE9.10.3
Affected: CE9.1.5
Affected: CE9.2.4
Affected: CE9.10.1
Affected: CE9.13.0
Affected: CE9.1.2
Affected: CE9.1.1
Affected: CE9.9.4
Affected: CE9.2.1
Affected: CE9.1.3
Affected: CE9.0.1
Affected: CE9.1.6
Affected: CE9.12.4
Affected: CE9.2.2
Affected: CE9.12.3
Affected: CE9.2.3
Affected: CE9.13.1
Affected: CE9.14.3
Affected: CE9.14.4
Affected: CE9.13.2
Affected: CE9.12.5
Affected: CE9.14.5
Affected: CE9.15.0.10
Affected: CE9.15.0.11
Affected: CE9.13.3
Affected: CE9.15.0.13
Affected: CE9.14.6
Affected: CE9.15.3.17
Affected: CE9.14.7
Affected: CE9.15.0.19
Affected: CE9.15.3.19
Affected: CE9.15.3.18
Affected: CE9.15.3.22
Affected: CE9.15.8.12
Affected: CE9.15.10.8
Affected: CE9.15.3.26
Affected: CE9.15.3.25
Affected: CE9.15.13.0
Affected: CE9.15.15.4
Affected: CE9.15.16.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T15:37:09.280084Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T15:37:26.021Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco RoomOS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco TelePresence Endpoint Software (TC/CE)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "CE9.10.2"
            },
            {
              "status": "affected",
              "version": "CE9.1.4"
            },
            {
              "status": "affected",
              "version": "CE9.9.3"
            },
            {
              "status": "affected",
              "version": "CE9.10.3"
            },
            {
              "status": "affected",
              "version": "CE9.1.5"
            },
            {
              "status": "affected",
              "version": "CE9.2.4"
            },
            {
              "status": "affected",
              "version": "CE9.10.1"
            },
            {
              "status": "affected",
              "version": "CE9.13.0"
            },
            {
              "status": "affected",
              "version": "CE9.1.2"
            },
            {
              "status": "affected",
              "version": "CE9.1.1"
            },
            {
              "status": "affected",
              "version": "CE9.9.4"
            },
            {
              "status": "affected",
              "version": "CE9.2.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.3"
            },
            {
              "status": "affected",
              "version": "CE9.0.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.6"
            },
            {
              "status": "affected",
              "version": "CE9.12.4"
            },
            {
              "status": "affected",
              "version": "CE9.2.2"
            },
            {
              "status": "affected",
              "version": "CE9.12.3"
            },
            {
              "status": "affected",
              "version": "CE9.2.3"
            },
            {
              "status": "affected",
              "version": "CE9.13.1"
            },
            {
              "status": "affected",
              "version": "CE9.14.3"
            },
            {
              "status": "affected",
              "version": "CE9.14.4"
            },
            {
              "status": "affected",
              "version": "CE9.13.2"
            },
            {
              "status": "affected",
              "version": "CE9.12.5"
            },
            {
              "status": "affected",
              "version": "CE9.14.5"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.10"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.11"
            },
            {
              "status": "affected",
              "version": "CE9.13.3"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.13"
            },
            {
              "status": "affected",
              "version": "CE9.14.6"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.17"
            },
            {
              "status": "affected",
              "version": "CE9.14.7"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.19"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.19"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.18"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.22"
            },
            {
              "status": "affected",
              "version": "CE9.15.8.12"
            },
            {
              "status": "affected",
              "version": "CE9.15.10.8"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.26"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.25"
            },
            {
              "status": "affected",
              "version": "CE9.15.13.0"
            },
            {
              "status": "affected",
              "version": "CE9.15.15.4"
            },
            {
              "status": "affected",
              "version": "CE9.15.16.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThese vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.\r\nNote: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T15:23:29.140Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-roomos-file-write-rHKwegKf",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
        }
      ],
      "source": {
        "advisory": "cisco-sa-roomos-file-write-rHKwegKf",
        "defects": [
          "CSCwc47206"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20004",
    "datePublished": "2024-11-15T15:23:29.140Z",
    "dateReserved": "2022-10-27T18:47:50.305Z",
    "dateUpdated": "2024-11-15T15:37:26.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-7216 (GCVE-0-2023-7216)

Vulnerability from cvelistv5 – Published: 2024-02-05 15:12 – Updated: 2026-02-25 19:39
VLAI
Title
Cpio: extraction allows symlinks which enables remote command execution
Summary
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2023-7216 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2249901 issue-trackingx_refsource_REDHAT
Impacted products
Date Public
2024-02-05 00:00
Credits
Red Hat would like to thank Febin Mon Saji for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:34.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-7216"
          },
          {
            "name": "RHBZ#2249901",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249901"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7216",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-07T15:43:39.938371Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T14:32:13.934Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "cpio",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "cpio",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "cpio",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "cpio",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Febin Mon Saji for reporting this issue."
        }
      ],
      "datePublic": "2024-02-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T19:39:05.652Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-7216"
        },
        {
          "name": "RHBZ#2249901",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249901"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-11-15T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-02-05T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Cpio: extraction allows symlinks which enables remote command execution",
      "workarounds": [
        {
          "lang": "en",
          "value": "Use the --no-absolute-filenames option to avoid this behaviour."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-7216",
    "datePublished": "2024-02-05T15:12:17.193Z",
    "dateReserved": "2024-01-05T14:21:24.756Z",
    "dateUpdated": "2026-02-25T19:39:05.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-6336 (GCVE-0-2023-6336)

Vulnerability from cvelistv5 – Published: 2024-01-16 19:42 – Updated: 2025-06-02 15:08
VLAI
Summary
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
HYPR Workforce Access Affected: 0 , < 8.7 (patch)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:28:21.310Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.hypr.com/security-advisories"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6336",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T19:09:43.126612Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-02T15:08:23.060Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS"
          ],
          "product": "Workforce Access",
          "vendor": "HYPR",
          "versions": [
            {
              "lessThan": "8.7",
              "status": "affected",
              "version": "0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.\u003cp\u003eThis issue affects Workforce Access: before 8.7.\u003c/p\u003e"
            }
          ],
          "value": "Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-73",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-73 User-Controlled Filename"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-16T19:42:09.035Z",
        "orgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512",
        "shortName": "HYPR"
      },
      "references": [
        {
          "url": "https://www.hypr.com/security-advisories"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512",
    "assignerShortName": "HYPR",
    "cveId": "CVE-2023-6336",
    "datePublished": "2024-01-16T19:42:09.035Z",
    "dateReserved": "2023-11-27T18:05:05.008Z",
    "dateUpdated": "2025-06-02T15:08:23.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6335 (GCVE-0-2023-6335)

Vulnerability from cvelistv5 – Published: 2024-01-16 19:42 – Updated: 2025-06-02 15:08
VLAI
Summary
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
HYPR Workforce Access Affected: 0 , < 8.7 (patch)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:28:21.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.hypr.com/security-advisories"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6335",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T15:54:39.703203Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-02T15:08:28.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Workforce Access",
          "vendor": "HYPR",
          "versions": [
            {
              "lessThan": "8.7",
              "status": "affected",
              "version": "0",
              "versionType": "patch"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.\u003cp\u003eThis issue affects Workforce Access: before 8.7.\u003c/p\u003e"
            }
          ],
          "value": "Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-73",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-73 User-Controlled Filename"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-16T19:42:02.665Z",
        "orgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512",
        "shortName": "HYPR"
      },
      "references": [
        {
          "url": "https://www.hypr.com/security-advisories"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0dc7baee-4a9f-419f-bd0a-e21ec5dac512",
    "assignerShortName": "HYPR",
    "cveId": "CVE-2023-6335",
    "datePublished": "2024-01-16T19:42:02.665Z",
    "dateReserved": "2023-11-27T18:04:52.332Z",
    "dateUpdated": "2025-06-02T15:08:28.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-6069 (GCVE-0-2023-6069)

Vulnerability from cvelistv5 – Published: 2023-11-10 00:00 – Updated: 2024-08-02 08:21
VLAI
Title
Improper Link Resolution Before File Access in froxlor/froxlor
Summary
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
Impacted products
Vendor Product Version
froxlor froxlor/froxlor Affected: unspecified , < 2.1.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "froxlor/froxlor",
          "vendor": "froxlor",
          "versions": [
            {
              "lessThan": "2.1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.\u003c/p\u003e"
            }
          ],
          "value": "Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-16T21:10:57.491Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/aac0627e-e59d-476e-9385-edb7ff53758c"
        },
        {
          "url": "https://github.com/froxlor/froxlor/commit/9e8f32f1e86016733b603b50c31b97f472e8dabc"
        }
      ],
      "source": {
        "advisory": "aac0627e-e59d-476e-9385-edb7ff53758c",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Link Resolution Before File Access in froxlor/froxlor",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2023-6069",
    "datePublished": "2023-11-10T00:00:32.765Z",
    "dateReserved": "2023-11-10T00:00:12.624Z",
    "dateUpdated": "2024-08-02T08:21:17.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4759 (GCVE-0-2023-4759)

Vulnerability from cvelistv5 – Published: 2023-09-12 09:12 – Updated: 2024-08-02 07:37
VLAI
Title
Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write
Summary
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r. The JGit maintainers would like to thank RyotaK for finding and reporting this issue.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
  • CWE-178 - Improper Handling of Case Sensitivity
Assigner
Impacted products
Vendor Product Version
Eclipse Foundation Eclipse JGit Affected: 0.0.0 , ≤ 6.6.0.202305301015-r (semver)
Unaffected: 5.13.3.202401111512-r
Create a notification for this product.
eclipse jgit Affected: 0 , ≤ 6.6.0.202305301015-r (semver)
    cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*
Create a notification for this product.
eclipse jgit Unaffected: 5.13.3.202401111512-r
    cpe:2.3:a:eclipse:jgit:5.13.3.202401111512-r:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-09-12 10:00
Credits
RyotaK
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "jgit",
            "vendor": "eclipse",
            "versions": [
              {
                "lessThanOrEqual": "6.6.0.202305301015-r",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:eclipse:jgit:5.13.3.202401111512-r:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "jgit",
            "vendor": "eclipse",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.13.3.202401111512-r"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4759",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T03:55:38.083883Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-19T13:51:38.023Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:37:59.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://projects.eclipse.org/projects/technology.jgit/releases/6.6.1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://git.eclipse.org/c/jgit/jgit.git/",
          "defaultStatus": "unaffected",
          "product": "Eclipse JGit",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "6.6.0.202305301015-r",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "  5.13.3.202401111512-r"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "RyotaK"
        }
      ],
      "datePublic": "2023-09-12T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eArbitrary File Overwrite in Eclipse JGit \u0026lt;= 6.6.0\u003c/p\u003e\u003cp\u003eIn Eclipse JGit, all versions \u0026lt;= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.\u003c/p\u003e\u003cp\u003eThis can happen on checkout (\u003ccode\u003eDirCacheCheckout\u003c/code\u003e), merge (\u003ccode\u003eResolveMerger\u003c/code\u003e\u0026nbsp;via its \u003ccode\u003eWorkingTreeUpdater\u003c/code\u003e), pull (\u003ccode\u003ePullCommand\u003c/code\u003e\u0026nbsp;using merge), and when applying a patch (\u003ccode\u003ePatchApplier\u003c/code\u003e). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.\u003c/p\u003e\u003cp\u003eThe issue occurs only on case-\u003cstrong\u003ein\u003c/strong\u003esensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.\u003c/p\u003e\u003cp\u003eSetting git configuration option \u003ccode\u003ecore.symlinks = false\u003c/code\u003e\u0026nbsp;before checking out avoids the problem.\u003c/p\u003e\u003cp\u003eThe issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://repo1.maven.org/maven2/org/eclipse/jgit/\"\u003eMaven Central\u003c/a\u003e\u0026nbsp;and \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://repo.eclipse.org/content/repositories/jgit-releases/\"\u003erepo.eclipse.org\u003c/a\u003e. A backport is available in 5.13.3 starting from  5.13.3.202401111512-r.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThe JGit maintainers would like to thank RyotaK for finding and reporting this issue.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Arbitrary File Overwrite in Eclipse JGit \u003c= 6.6.0\n\nIn Eclipse JGit, all versions \u003c= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.\n\nThis can happen on checkout (DirCacheCheckout), merge (ResolveMerger\u00a0via its WorkingTreeUpdater), pull (PullCommand\u00a0using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.\n\nThe issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.\n\nSetting git configuration option core.symlinks = false\u00a0before checking out avoids the problem.\n\nThe issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via  Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ \u00a0and  repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from  5.13.3.202401111512-r.\n\n\nThe JGit maintainers would like to thank RyotaK for finding and reporting this issue.\n\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-132",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-132 Symlink Attack"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-178",
              "description": "CWE-178 Improper Handling of Case Sensitivity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T15:21:24.101Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11"
        },
        {
          "url": "https://projects.eclipse.org/projects/technology.jgit/releases/6.6.1"
        },
        {
          "url": "https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSetting git configuration option \u003ccode\u003ecore.symlinks = false\u003c/code\u003e\u0026nbsp;before checking out avoids the problem.\u003c/p\u003e"
            }
          ],
          "value": "Setting git configuration option core.symlinks = false\u00a0before checking out avoids the problem.\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2023-4759",
    "datePublished": "2023-09-12T09:12:10.254Z",
    "dateReserved": "2023-09-04T16:06:00.689Z",
    "dateUpdated": "2024-08-02T07:37:59.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1412 (GCVE-0-2023-1412)

Vulnerability from cvelistv5 – Published: 2023-04-05 15:22 – Updated: 2025-02-10 18:02
VLAI
Title
Local Privilege Escalation Vulnerability in WARP's MSI Installer
Summary
An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of this MSI. ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation. PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
Impacted products
Vendor Product Version
Cloudflare WARP Affected: 0 , ≤ 2022.5.309.0 (N/A)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:49:11.409Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-hgxh-48m3-3gq7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://developers.cloudflare.com/warp-client/get-started/windows/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1412",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T18:02:23.833503Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-10T18:02:41.160Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "WARP Installer",
          "platforms": [
            "Windows"
          ],
          "product": "WARP",
          "vendor": "Cloudflare",
          "versions": [
            {
              "changes": [
                {
                  "at": "2023.3.381.0",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2022.5.309.0",
              "status": "affected",
              "version": "0",
              "versionType": "N/A"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (\u0026lt;= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user).\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eAfter installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\\Windows\\Installer. The vulnerability lies in the repair function of this MSI.\u003c/p\u003e\u003ch3\u003eImpact\u003c/h3\u003e\u003cp\u003eAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation.\u003c/p\u003e\u003ch3\u003ePatches\u003c/h3\u003e\u003cp\u003eA new installer with a fix that addresses this vulnerability was released in version \u003cstrong\u003e2023.3.381.0\u003c/strong\u003e. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems.\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (\u003c= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user).\n\nAfter installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\\Windows\\Installer. The vulnerability lies in the repair function of this MSI.\n\nImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation.\n\nPatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems.\n\n\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T15:22:56.317Z",
        "orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
        "shortName": "cloudflare"
      },
      "references": [
        {
          "url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-hgxh-48m3-3gq7"
        },
        {
          "url": "https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release"
        },
        {
          "url": "https://developers.cloudflare.com/warp-client/get-started/windows/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Local Privilege Escalation Vulnerability in WARP\u0027s MSI Installer",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
    "assignerShortName": "cloudflare",
    "cveId": "CVE-2023-1412",
    "datePublished": "2023-04-05T15:22:56.317Z",
    "dateReserved": "2023-03-15T13:33:23.768Z",
    "dateUpdated": "2025-02-10T18:02:41.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1314 (GCVE-0-2023-1314)

Vulnerability from cvelistv5 – Published: 2023-03-21 11:01 – Updated: 2025-02-26 16:53
VLAI
Title
Local Privilege Escalation Vulnerability in cloudflared's Installer
Summary
A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory. An attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker would otherwise have no access to. By creating a symlink from the world-writable directory to the target file, the attacker can manipulate the MSI installer's repair functionality to delete the target file during the repair process. Exploitation of this vulnerability could allow an attacker to delete important system files or replace them with malicious files, potentially leading to the affected device being compromised. The cloudflared client itself is not affected by this vulnerability, only the installer for 32-bit Windows devices.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
Impacted products
Vendor Product Version
Cloudflare cloudflared Affected: 0 , ≤ <=2023.3.0 (custom)
Create a notification for this product.
Credits
sim0nsecurity
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:40:59.862Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cloudflare/cloudflared/security/advisories/GHSA-7mjv-x3jf-545x"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cloudflare/cloudflared/releases"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1314",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T16:53:22.538031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T16:53:31.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "MSI Installer"
          ],
          "packageName": "cloudflared",
          "platforms": [
            "Windows",
            "32 bit"
          ],
          "product": "cloudflared",
          "repo": "https://github.com/cloudflare/cloudflared",
          "vendor": "Cloudflare",
          "versions": [
            {
              "changes": [
                {
                  "at": "2023.3.1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "\u003c=2023.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "sim0nsecurity"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA vulnerability has been discovered in cloudflared\u0027s installer (\u0026lt;= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory.\u003c/p\u003e\u003cp\u003eAn attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker would otherwise have no access to. By creating a symlink from the world-writable directory to the target file, the attacker can manipulate the MSI installer\u0027s repair functionality to delete the target file during the repair process.\u003c/p\u003e\u003cp\u003eExploitation of this vulnerability could allow an attacker to delete important system files or replace them with malicious files, potentially leading to the affected device being compromised.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eThe cloudflared client itself is not affected by this vulnerability, only the installer for 32-bit Windows devices.\u003c/strong\u003e\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability has been discovered in cloudflared\u0027s installer (\u003c= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory.\n\nAn attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker would otherwise have no access to. By creating a symlink from the world-writable directory to the target file, the attacker can manipulate the MSI installer\u0027s repair functionality to delete the target file during the repair process.\n\nExploitation of this vulnerability could allow an attacker to delete important system files or replace them with malicious files, potentially leading to the affected device being compromised.\n\nThe cloudflared client itself is not affected by this vulnerability, only the installer for 32-bit Windows devices.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-132",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-132 Symlink Attack"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-21T11:01:14.062Z",
        "orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
        "shortName": "cloudflare"
      },
      "references": [
        {
          "url": "https://github.com/cloudflare/cloudflared/security/advisories/GHSA-7mjv-x3jf-545x"
        },
        {
          "url": "https://github.com/cloudflare/cloudflared/releases"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA new installer was released as part of version 2023.3.1. Users are encouraged to remove old installers from their systems.\u003c/p\u003e"
            }
          ],
          "value": "A new installer was released as part of version 2023.3.1. Users are encouraged to remove old installers from their systems.\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Local Privilege Escalation Vulnerability in cloudflared\u0027s Installer",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
    "assignerShortName": "cloudflare",
    "cveId": "CVE-2023-1314",
    "datePublished": "2023-03-21T11:01:14.062Z",
    "dateReserved": "2023-03-10T11:10:40.020Z",
    "dateUpdated": "2025-02-26T16:53:31.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.