PT-2023-9632 · Qemu · Qemu Guest Agent

Brian Wiltse

Publicado

2023-03-03

Atualizado

2025-02-18

CVE-2023-0664

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QEMU Guest Agent (affected versions not specified)

Description A flaw was found in the QEMU Guest Agent service for Windows, allowing a local unprivileged user to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. This issue is related to insecure privilege management.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-250CWE-269

Identificadores relacionados

BDU:2024-08942

CVE-2023-0664

OESA-2023-1472

OESA-2023-1473

OESA-2023-1474

OESA-2023-1475

OESA-2023-1476

ROSA-SA-2025-2641

Produtos afetados

Qemu Guest Agent

PT-2023-9632 · Qemu · Qemu Guest Agent

CVE-2023-0664

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 48