PT-2023-12716 · Ip Label · Ip-Label Newtest
Published
2023-01-30
·
Updated
2023-02-06
·
CVE-2022-23334
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ip-label Newtest versions prior to 8.5R0
Description
The Robot application in Ip-label Newtest was discovered to use weak signature checks on executed binaries. This allows attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE.
Recommendations
For versions prior to 8.5R0, update to version 8.5R0 or later to resolve the issue. As a temporary workaround, consider restricting access to the NEWTESTREMOTEMANAGER.EXE file to minimize the risk of exploitation.
Exploit
Fix
Improper Verification of Cryptographic Signature
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ip-Label Newtest