CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVE-2023-6793 (GCVE-0-2023-6793)
Vulnerability from cvelistv5 – Published: 2023-12-13 18:40 – Updated: 2024-12-02 14:27
VLAI
Title
PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator
Summary
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | PAN-OS |
Unaffected:
8.1 , < All
(custom)
Affected: 9.0 , < 9.0.17-h4 (custom) Affected: 9.1 , < 9.1.17 (custom) Affected: 10.0 , ≤ All (custom) Affected: 10.1 , < 10.1.11 (custom) Affected: 10.2 , < 10.2.5 (custom) Affected: 11.0 , < 11.0.2 (custom) Unaffected: 11.1 , < All (custom) |
|
| Palo Alto Networks | Prisma Access |
Unaffected:
All
|
|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
|
Date Public
2023-12-13 17:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-6793"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T14:27:40.179186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T14:27:51.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "8.1.24-h1",
"status": "unaffected"
}
],
"lessThan": "All",
"status": "unaffected",
"version": "8.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "9.0.17-h4",
"status": "unaffected"
}
],
"lessThan": "9.0.17-h4",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "9.1.17",
"status": "unaffected"
}
],
"lessThan": "9.1.17",
"status": "affected",
"version": "9.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "All",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.11",
"status": "unaffected"
}
],
"lessThan": "10.1.11",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.5",
"status": "unaffected"
}
],
"lessThan": "10.2.5",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.0.2",
"status": "unaffected"
}
],
"lessThan": "11.0.2",
"status": "affected",
"version": "11.0",
"versionType": "custom"
},
{
"lessThan": "All",
"status": "unaffected",
"version": "11.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is applicable only to PAN-OS configurations that have XML API access enabled.\u003cbr\u003e\u003cbr\u003eYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access"
}
],
"value": "This issue is applicable only to PAN-OS configurations that have XML API access enabled.\n\nYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access"
}
],
"datePublic": "2023-12-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage."
}
],
"value": "An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T18:40:54.955Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-6793"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions."
}
],
"value": "This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-12-13T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices."
}
],
"value": "This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2023-6793",
"datePublished": "2023-12-13T18:40:54.955Z",
"dateReserved": "2023-12-13T17:27:26.408Z",
"dateUpdated": "2024-12-02T14:27:51.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6804 (GCVE-0-2023-6804)
Vulnerability from cvelistv5 – Published: 2023-12-21 20:45 – Updated: 2024-11-27 18:41
VLAI
Title
Improper Privilege Management allows for arbitrary workflows to be run
Summary
Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
Severity
6.5 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GitHub | Enterprise Server |
Affected:
3.8.0 , ≤ 3.8.11
(semver)
Affected: 3.9.0 , ≤ 3.9.6 (semver) Affected: 3.10.0 , ≤ 3.10.3 (semver) Affected: 3.11 , ≤ 3.11.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T18:41:13.375322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T18:41:27.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.8.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.8.11",
"status": "affected",
"version": "3.8.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.9.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.9.6",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.10.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "3.10.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.11.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.11.0",
"status": "affected",
"version": "3.11",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T20:45:34.098Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Privilege Management allows for arbitrary workflows to be run",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2023-6804",
"datePublished": "2023-12-21T20:45:34.098Z",
"dateReserved": "2023-12-13T19:26:47.233Z",
"dateUpdated": "2024-11-27T18:41:27.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7016 (GCVE-0-2023-7016)
Vulnerability from cvelistv5 – Published: 2024-02-27 10:45 – Updated: 2024-08-15 18:53
VLAI
Title
Privilege Escalation in SafeNet Authentication Client
Summary
A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access.
Severity
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Thales | SafeNet Authentication Client |
Affected:
0 , < 10.8
(patch 10)
|
Date Public
2024-02-18 23:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.thalesgroup.com"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:thalesgroup:safenet_authentication_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "safenet_authentication_client",
"vendor": "thalesgroup",
"versions": [
{
"lessThan": "10.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T15:17:31.490247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T18:53:46.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SafeNet Authentication Client",
"vendor": "Thales",
"versions": [
{
"lessThan": "10.8",
"status": "affected",
"version": "0",
"versionType": "patch 10"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kravets Vasiliy, xi-tauw@xi-tauw.info"
}
],
"datePublic": "2024-02-18T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access."
}
],
"value": "A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T10:45:28.333Z",
"orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"shortName": "THA-PSIRT"
},
"references": [
{
"url": "https://supportportal.thalesgroup.com"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the current SafeNet Authentication Client 10.8 R10 (GA).\u003cbr\u003e"
}
],
"value": "Upgrade to the current SafeNet Authentication Client 10.8 R10 (GA).\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege Escalation in SafeNet Authentication Client ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
"assignerShortName": "THA-PSIRT",
"cveId": "CVE-2023-7016",
"datePublished": "2024-02-27T10:45:28.333Z",
"dateReserved": "2023-12-20T15:48:00.568Z",
"dateUpdated": "2024-08-15T18:53:46.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7080 (GCVE-0-2023-7080)
Vulnerability from cvelistv5 – Published: 2023-12-29 11:58 – Updated: 2024-08-02 08:50
VLAI
Title
Arbitrary remote code execution within wrangler dev Workers sandbox
Summary
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker.
This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev's inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers.
Severity
8.5 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cloudflare | wrangler |
Affected:
0 , ≤ 3.0.0
(patch)
Affected: 0 , < 3.19.0 (patch) Affected: 0 , ≤ 2.0.0 (patch) Affected: 0 , < 2.20.2 (patch) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/issues/4430"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4437"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/workers-sdk/pull/4550"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "wrangler",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "wrangler",
"repo": "https://github.com/cloudflare/workers-sdk",
"vendor": "Cloudflare",
"versions": [
{
"changes": [
{
"at": "3.19.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.0.0",
"status": "affected",
"version": "0",
"versionType": "patch"
},
{
"changes": [
{
"at": "3.19.0",
"status": "unaffected"
}
],
"lessThan": "3.19.0",
"status": "affected",
"version": "0",
"versionType": "patch"
},
{
"changes": [
{
"at": "2.20.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.0.0",
"status": "affected",
"version": "0",
"versionType": "patch"
},
{
"changes": [
{
"at": "2.20.2",
"status": "unaffected"
}
],
"lessThan": "2.20.2",
"status": "affected",
"version": "0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Peter Wu (Lekensteyn)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. \u003cb\u003ewrangler dev\u003c/b\u003e would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate \u003cb\u003eOrigin\u003c/b\u003e/\u003cb\u003eHost\u003c/b\u003e headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If \u003cb\u003ewrangler dev --remote\u003c/b\u003e was being used, an attacker could access production resources if they were bound to the worker.\u003cbr\u003e\u003cbr\u003eThis issue was fixed in \u003cb\u003ewrangler@3.19.0\u003c/b\u003e and \u003cb\u003ewrangler@2.20.2\u003c/b\u003e. Whilst \u003cb\u003ewrangler dev\u003c/b\u003e\u0027s inspector server listens on local interfaces by default as of \u003cb\u003ewrangler@3.16.0\u003c/b\u003e, an \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7\"\u003eSSRF vulnerability in miniflare\u003c/a\u003e\u0026nbsp;(CVE-2023-7078) allowed access from the local network until \u003cb\u003ewrangler@3.18.0\u003c/b\u003e. \u003cb\u003ewrangler@3.19.0\u003c/b\u003e and \u003cb\u003ewrangler@2.20.2\u003c/b\u003e introduced validation for the \u003cb\u003eOrigin\u003c/b\u003e/\u003cb\u003eHost\u003c/b\u003e headers.\u003cbr\u003e"
}
],
"value": "The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker.\n\nThis issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev\u0027s inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 \u00a0(CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T12:08:25.935Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf"
},
{
"url": "https://github.com/cloudflare/workers-sdk/issues/4430"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4437"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4535"
},
{
"url": "https://github.com/cloudflare/workers-sdk/pull/4550"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Arbitrary remote code execution within wrangler dev Workers sandbox",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unfortunately, Wrangler doesn\u0027t provide any configuration for which host that inspector server should listen on. Please upgrade to at least \u003cb\u003ewrangler@3.16.0\u003c/b\u003e, and configure Wrangler to listen on local interfaces instead with \u003cb\u003ewrangler dev --ip 127.0.0.1\u003c/b\u003e to prevent SSRF. This removes the local network as an attack vector, but does not prevent an attack from visiting a malicious website."
}
],
"value": "Unfortunately, Wrangler doesn\u0027t provide any configuration for which host that inspector server should listen on. Please upgrade to at least wrangler@3.16.0, and configure Wrangler to listen on local interfaces instead with wrangler dev --ip 127.0.0.1 to prevent SSRF. This removes the local network as an attack vector, but does not prevent an attack from visiting a malicious website."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2023-7080",
"datePublished": "2023-12-29T11:58:36.214Z",
"dateReserved": "2023-12-22T09:59:52.954Z",
"dateUpdated": "2024-08-02T08:50:07.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7090 (GCVE-0-2023-7090)
Vulnerability from cvelistv5 – Published: 2023-12-23 22:33 – Updated: 2024-08-02 08:50
VLAI
Title
Sudo: improper handling of ipa_hostname leads to privilege mismanagement
Summary
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
Severity
6.6 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2023-7090 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2255723 | issue-trackingx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2024… | |
| https://security.netapp.com/advisory/ntap-2024020… | |
| https://www.sudo.ws/releases/legacy/#1.8.28 |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | sudo |
Unaffected:
1.8.28
|
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Fedora | Fedora | ||
| Fedora | Fedora |
Date Public
2019-08-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7090"
},
{
"name": "RHBZ#2255723",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240208-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/releases/legacy/#1.8.28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sudo",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "1.8.28"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "freeipa",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Mohammad Tausif Siddiqui (Red Hat Product Security)."
}
],
"datePublic": "2019-08-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T11:05:45.902Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7090"
},
{
"name": "RHBZ#2255723",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0001/"
},
{
"url": "https://www.sudo.ws/releases/legacy/#1.8.28"
}
],
"timeline": [
{
"lang": "en",
"time": "2018-11-02T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2019-08-15T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Sudo: improper handling of ipa_hostname leads to privilege mismanagement",
"x_redhatCweChain": "CWE-269: Improper Privilege Management"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-7090",
"datePublished": "2023-12-23T22:33:13.530Z",
"dateReserved": "2023-12-23T19:25:33.533Z",
"dateUpdated": "2024-08-02T08:50:07.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7241 (GCVE-0-2023-7241)
Vulnerability from cvelistv5 – Published: 2024-05-01 16:49 – Updated: 2024-08-02 08:57
VLAI
Title
Webroot Antivirus COM-Hijacking LPE
Summary
Privilege Escalation in WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 on
Windows64 bit and 32 bit allows malicious software to abuse WRSA.EXE to delete arbitrary and protected files.
Severity
7.9 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Webroot | Webroot AntiVirus (Consumer) and Webroot Endpoint Protection (Business) |
Affected:
8.0.1 , < 9.0.35.17
(custom)
|
Date Public
2024-05-01 04:25
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:webroot:anti-virus-and-endpoint-protection:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anti-virus-and-endpoint-protection",
"vendor": "webroot",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T18:25:09.528106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:28.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://answers.webroot.com/Webroot/ukp.aspx?\u0026app=vw\u0026vw=1\u0026login=1\u0026solutionid=4258"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.webroot.com/us/en/support/support-consumer-release-notes"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.webroot.com/us/en/business/support/release-notes#heading-endpoint"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"64 bit",
"32 bit"
],
"product": "Webroot AntiVirus (Consumer) and Webroot Endpoint Protection (Business)",
"vendor": "Webroot",
"versions": [
{
"lessThan": "9.0.35.17",
"status": "affected",
"version": "8.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kolja Grassmann (cirosec GmbH) and Alain R\u00f6del (Neodyme)"
}
],
"datePublic": "2024-05-01T04:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Privilege Escalation\u0026nbsp;in WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 on \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWindows64 bit and 32 bit\u0026nbsp;\u003c/span\u003eallows malicious software to abuse WRSA.EXE to delete arbitrary and protected files.\u003cbr\u003e"
}
],
"value": "Privilege Escalation\u00a0in WRSA.EXE in Webroot Antivirus 8.0.1X- 9.0.35.12 on \n\nWindows64 bit and 32 bit\u00a0allows malicious software to abuse WRSA.EXE to delete arbitrary and protected files.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:49:00.697Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://answers.webroot.com/Webroot/ukp.aspx?\u0026app=vw\u0026vw=1\u0026login=1\u0026solutionid=4258"
},
{
"url": "https://www.webroot.com/us/en/support/support-consumer-release-notes"
},
{
"url": "https://www.webroot.com/us/en/business/support/release-notes#heading-endpoint"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Webroot Antivirus COM-Hijacking LPE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2023-7241",
"datePublished": "2024-05-01T16:49:00.697Z",
"dateReserved": "2024-01-25T15:14:02.922Z",
"dateUpdated": "2024-08-02T08:57:35.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7342 (GCVE-0-2023-7342)
Vulnerability from cvelistv5 – Published: 2026-04-02 18:27 – Updated: 2026-05-14 02:07
VLAI
Title
Belden HiSecOS Web Server Privilege Escalation
Summary
HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://assets.belden.com/m/4828b7cf8b652105/orig… | vendor-advisory |
| https://www.vulncheck.com/advisories/belden-hisec… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Belden | Hirschmann HiSecOS EAGLE |
Affected:
03.4.00 , ≤ 04.1.00
(custom)
|
Date Public
2023-01-30 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T19:15:02.644087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T19:15:13.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hirschmann HiSecOS EAGLE",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "04.1.00",
"status": "affected",
"version": "03.4.00",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.\u003c/p\u003e"
}
],
"value": "HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:07:08.561Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Belden Security Bulletins",
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/4828b7cf8b652105/original/Microsoft-Word-Belden_Security_Bulletin_BSECV-2021-07_1v0-docx.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/belden-hisecos-web-server-privilege-escalation"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Belden HiSecOS Web Server Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-7342",
"datePublished": "2026-04-02T18:27:15.226Z",
"dateReserved": "2026-04-01T21:24:27.566Z",
"dateUpdated": "2026-05-14T02:07:08.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-7343 (GCVE-0-2023-7343)
Vulnerability from cvelistv5 – Published: 2026-04-02 19:56 – Updated: 2026-05-25 23:41
VLAI
Title
Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File
Summary
Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision process.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://assets.belden.com/m/774e2db2b0100bc1/orig… | vendor-advisory |
| https://www.vulncheck.com/advisories/belden-indus… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Belden | Hirschmann Industrial HiVision |
Unaffected:
08.3.02
(custom)
Affected: 05.0.00 , ≤ 08.3.01 (custom) |
Date Public
2023-03-28 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T20:19:10.286674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T20:25:38.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hirschmann Industrial HiVision",
"vendor": "Belden",
"versions": [
{
"status": "unaffected",
"version": "08.3.02",
"versionType": "custom"
},
{
"lessThanOrEqual": "08.3.01",
"status": "affected",
"version": "05.0.00",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:25.894Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Belden Security Bulletins",
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/774e2db2b0100bc1/original/Belden-Security-Bulletin-BSECV-2023-06.pdf"
},
{
"url": "https://www.vulncheck.com/advisories/belden-industrial-hivision-arbitrary-code-execution-via-malicious-project-file"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-7343",
"datePublished": "2026-04-02T19:56:24.883Z",
"dateReserved": "2026-04-01T21:30:55.311Z",
"dateUpdated": "2026-05-25T23:41:25.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0003 (GCVE-0-2024-0003)
Vulnerability from cvelistv5 – Published: 2024-09-23 17:27 – Updated: 2024-09-24 13:28
VLAI
Summary
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
Severity
9.1 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://purestorage.com/security | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PureStorage | FlashArray |
Affected:
5.3.17 , ≤ 5.3.21
(custom)
Affected: 6.1.8 , ≤ 6.1.25 (custom) Affected: 6.0.7 , ≤ 6.0.9 (custom) Affected: 6.2.0 , ≤ 6.2.17 (custom) Affected: 6.3.0 , ≤ 6.3.14 (custom) Affected: 6.4.0 , ≤ 6.4.10 (custom) Affected: 6.5.0 (custom) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:purestorage:flasharray:5.3.17:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:purestorage:flasharray:6.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "flasharray",
"vendor": "purestorage",
"versions": [
{
"lessThanOrEqual": "5.3.21",
"status": "affected",
"version": "5.3.17",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.9",
"status": "affected",
"version": "6.0.7",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.25",
"status": "affected",
"version": "6.1.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2.17",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.3.14",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:17:50.484476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T13:28:44.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Purity"
],
"product": "FlashArray",
"vendor": "PureStorage",
"versions": [
{
"lessThanOrEqual": "5.3.21",
"status": "affected",
"version": "5.3.17",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.25",
"status": "affected",
"version": "6.1.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.9",
"status": "affected",
"version": "6.0.7",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2.17",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.3.14",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.5.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T17:34:27.686Z",
"orgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"shortName": "PureStorage"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://purestorage.com/security"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\u003cbr\u003e\n\u003cbr\u003eThis issue is resolved in the following\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;FlashArray Purity \u003c/span\u003e releases:\n\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.3.15 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.5.1 or later \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePurity//FA versions 6.6.1 or later.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Affected customers will need to apply a self-service patch bundle or upgrade their Purity to an unaffected Purity version.\n\n\n\nThis issue is resolved in the following\u00a0FlashArray Purity releases:\n\n * Purity//FA versions 6.3.15 or later \n * Purity//FA versions 6.5.1 or later \n * Purity//FA versions 6.6.1 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3895c224-4e1d-482a-adb3-fa64795683ac",
"assignerShortName": "PureStorage",
"cveId": "CVE-2024-0003",
"datePublished": "2024-09-23T17:27:30.114Z",
"dateReserved": "2023-11-01T17:10:16.737Z",
"dateUpdated": "2024-09-24T13:28:44.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0082 (GCVE-0-2024-0082)
Vulnerability from cvelistv5 – Published: 2024-04-08 22:00 – Updated: 2024-08-01 17:41
VLAI
Title
CVE
Summary
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering
Severity
8.2 (High)
CWE
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nvidia:chatrtx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "chatrtx",
"vendor": "nvidia",
"versions": [
{
"lessThanOrEqual": "0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T16:54:08.246544Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:05:04.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5532"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ChatRTX",
"vendor": "nvidia",
"versions": [
{
"status": "affected",
"version": "0.2 and prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering"
}
],
"value": "NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-08T22:00:35.763Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5532"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE"
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0082",
"datePublished": "2024-04-08T22:00:35.763Z",
"dateReserved": "2023-12-02T00:41:53.225Z",
"dateUpdated": "2024-08-01T17:41:16.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-48
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation ID: MIT-49
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.