PT-2023-19478 · Unknown · Clash For Windows

Published

2023-02-23

Updated

2025-03-12

CVE-2023-24205

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Clash for Windows version 0.20.12

Description The issue is related to a remote code execution (RCE) vulnerability. It is exploited via overwriting the configuration file cfw-setting.yaml.

Recommendations For Clash for Windows version 0.20.12, consider restricting access to the configuration file cfw-setting.yaml to prevent unauthorized overwrites until a patch is available.

Exploit

Fix

RCE

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2023-24205

Affected Products

Clash For Windows

PT-2023-19478 · Unknown · Clash For Windows

CVE-2023-24205

Weakness Enumeration

Related Identifiers

Affected Products

References · 6