PT-2023-3970 · Unknown · Qvpn Device Client

Runzi Zhao

Publicado

2023-07-31

Atualizado

2024-12-24

CVE-2022-27595

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QVPN Device Client versions prior to 2.0.0.1310 QVPN Device Client versions prior to 2.0.0.1316

Description The issue is related to an insecure library loading vulnerability. If exploited, it could allow local attackers who have gained user access to execute unauthorized code or commands.

Recommendations For QVPN Device Client versions prior to 2.0.0.1310, update to version 2.0.0.1310 or later. For QVPN Device Client versions prior to 2.0.0.1316, update to version 2.0.0.1316 or later.

Correção

RCE

Uncontrolled Search Path Element

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-427

Identificadores relacionados

BDU:2023-04266

CVE-2022-27595

Produtos afetados

Qvpn Device Client

PT-2023-3970 · Unknown · Qvpn Device Client

CVE-2022-27595

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10