PT-2023-20971 · Tsplus · Tsplus Remote Work
Published 2023-10-17 · Updated 2023-10-24 · CVE-2023-27133
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TSplus Remote Work version 16.0.0.0
Description
The issue is related to weak permissions for certain file types, including .exe, .js, and .html files, located under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This weakness may enable privilege escalation if a different user can modify these files.
Recommendations
For TSplus Remote Work version 16.0.0.0, consider restricting access to the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder to prevent unauthorized modifications to .exe, .js, and .html files until a patch is available.
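One way to check a host for the condition described above, as an added example that is not part of the original advisory or TSplus's own tooling. It assumes the default install path named in the advisory and treats SYSTEM, Administrators and TrustedInstaller as the only principals expected to hold write access; that trusted list is an assumption to adjust to local policy.

```powershell
# Added example: list write-capable ACEs on the file types named in the advisory.
# Path is taken from the advisory; the trusted-SID list below is an assumption.
$root       = Join-Path ${env:ProgramFiles(x86)} 'TSplus-RemoteWork\Clients\www'
$extensions = '.exe', '.js', '.html'

$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow changing file content, deleting it, or rewriting its ACL/owner.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# Also catch unmapped GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$mask = [int]$writeRights -bor 0x50000000

$findings = Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction Stop |
    Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object {
        $file = $_
        $acl  = Get-Acl -LiteralPath $file.FullName
        # Request rules keyed by SID so matching does not depend on OS language.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }

            # Resolve the SID to a name for the report; keep the raw SID if it fails.
            try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $ace.IdentityReference.Value }

            [pscustomobject]@{
                Path      = $file.FullName
                Account   = $name
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }

if ($findings) {
    $findings | Sort-Object Path, Account | Format-Table -AutoSize -Wrap
    Write-Warning ("{0} write-capable ACE(s) granted to non-trusted principals." -f @($findings).Count)
} else {
    Write-Output 'No write-capable ACEs for non-trusted principals were found.'
}
```

Entries with `Inherited = True` come from a parent folder's ACL, so the restriction has to be applied there rather than on the individual file.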
Weakness Enumeration
Incorrect Default Permissions
Affected Products
Tsplus Remote Work