CVE-2023-45883
Time Line
Published
2024-03-19
Updated
2024-03-19
Firt exploit
2024-03-19
Overview
Descriptions (2)
NVD, NVD
CWE (1)
CWE-269: Improper Privilege Management
CAPEC (-)
Risk
CVSS Score
7.8 High
SSVC
Track*
KEV
-
EPSS
0.0%
Affected Products (-)
Vendors (2)
enghouse, microsoft
Products (2)
qumu, windows
Versions (1)
>= 2.0.0 < 2.0.63
Intel Resources (-)
Advisories (-)
-
Exploits (-)
-
Plugins (-)
-
References (2)
General (2)
hackandpwn, vidyo
Exploits & POcs (-)
Patches (-)
Advisories (-)
Summary
Descriptions
A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.
Existe una vulnerabilidad de escalada de privilegios en Qumu Multicast Extension v2 anterior a 2.0.63 para Windows. Cuando un usuario estándar inicia una reparación del software, se abre una ventana emergente con privilegios de SYSTEM. Los usuarios estándar pueden usar esto para obtener la ejecución de código arbitrario como SYSTEM.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-15 CVE Reserved
- 2023-10-19 CVE Published
- 2023-10-20 EPSS Updated
- 2024-09-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
Threat Intelligence Resources (0)
| Select | Title | Date |
|---|
Security Advisory details:
Select an advisory to view details here.
| Select | Title | Date |
|---|
Select an exploit to view details here.
References (2)
| URL | Tag | Source |
|---|---|---|
| https://hackandpwn.com/disclosures/CVE-2023-45883.pdf | Third Party Advisory | |
| https://www.vidyo.com/enterprise-video-management/qumu | Product |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Enghouse Search vendor "Enghouse" | Qumu Search vendor "Enghouse" for product "Qumu" | >= 2.0.0 < 2.0.63 Search vendor "Enghouse" for product "Qumu" and version " >= 2.0.0 < 2.0.63" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|