PT-2023-24350 · Kramerav · Kramerav Via Connect+1
Published
2023-08-09
·
Updated
2023-08-17
·
CVE-2023-33469
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
KramerAV VIA Connect (2) versions prior to 4.0.1.1326
KramerAV VIA Go (2) versions prior to 4.0.1.1326
Description
The issue allows for local code execution at the root level when the screen is visible and remote mouse connection is enabled. This can be exploited in instances where these conditions are met.
Recommendations
For KramerAV VIA Connect (2) versions prior to 4.0.1.1326, update to version 4.0.1.1326 or later to resolve the issue.
For KramerAV VIA Go (2) versions prior to 4.0.1.1326, update to version 4.0.1.1326 or later to resolve the issue.
As a temporary workaround, consider disabling remote mouse connections when the screen is visible to minimize the risk of exploitation.
Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kramerav Via Connect
Kramerav Via Go²