PT-2023-4985 · Unknown · Igss Update Service

Publicado

2023-09-12

Atualizado

2023-09-20

CVE-2023-4516

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IGSS Update Service (affected versions not specified)

Description A Missing Authentication for Critical Function issue exists in the IGSS Update Service, potentially allowing a local attacker to change the update source. This could lead to remote code execution if the attacker forces an update containing malicious content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306

Identificadores relacionados

BDU:2023-05524

CVE-2023-4516

Produtos afetados

Igss Update Service

PT-2023-4985 · Unknown · Igss Update Service

CVE-2023-4516

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7