PT-2023-19731 · Vx Search · Vx Search

Published

2023-03-16

Updated

2023-03-22

CVE-2023-24671

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions VX Search versions 13.8 through 14.7

Description The issue allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file, due to an unquoted service path vulnerability.

Recommendations For versions 13.8 through 14.7, update to a version that fixes the unquoted service path vulnerability to prevent attackers from executing arbitrary commands at elevated privileges.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428

Related Identifiers

CVE-2023-24671

Affected Products

Vx Search

PT-2023-19731 · Vx Search · Vx Search

CVE-2023-24671

Weakness Enumeration

Related Identifiers

Affected Products

References · 5