PT-2023-29471 · Huddly · Huddlycameraservice

Henrik Pedersen · Published 2023-12-01 · Updated 2023-12-19 · CVE-2023-45253

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Huddly HuddlyCameraService versions prior to 8.0.7, excluding version 7.99

Description

An issue in HuddlyCameraService allows attackers to manipulate files and escalate privileges via the RollingFileAppender.DeleteFile method performed by the log4net library. Additionally, a DLL Hijacking vulnerability exists due to the service installation in a directory that grants write privileges to standard users, allowing attackers to manipulate files, execute arbitrary code, and escalate privileges.

Recommendations

For versions prior to 8.0.7, excluding version 7.99, update to version 8.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the directory where the service is installed to prevent standard users from gaining write privileges. Avoid using the RollingFileAppender.DeleteFile method until the issue is resolved.
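
To verify the temporary workaround, the following PowerShell audit lists every allow ACE on the service's install directory that grants write-type rights to a principal other than the built-in administrative ones. It is an added example, not code from Huddly or from this advisory; the service name 'HuddlyCameraService' and the set of SIDs treated as trusted are assumptions to adjust for your environment.

```powershell
# Assumption: the Windows service is registered under the product name on this page.
$ServiceName = 'HuddlyCameraService'

function Get-ServiceInstallDirectory {
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found" }
    # PathName may be quoted and may carry arguments; keep only the executable path.
    if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
        return Split-Path -Parent $Matches[1]
    }
    throw "Cannot parse PathName: $($svc.PathName)"
}

function Get-NonAdminWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    # Pure write/delete/ownership bits only. Modify and FullControl are left out of
    # the mask because they also contain read bits and would match read-only ACEs.
    $writeMask = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $genericWriteOrAll = 0x50000000   # GENERIC_WRITE | GENERIC_ALL
    # Assumed trusted set: SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-3-0',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    $acl = Get-Acl -LiteralPath $Path
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -notin $trusted -and
            (($_.FileSystemRights -band $writeMask) -or
             ([int]$_.FileSystemRights -band $genericWriteOrAll))
        }
}

$dir = Get-ServiceInstallDirectory -Name $ServiceName
$findings = @(Get-NonAdminWriteAce -Path $dir)
if ($findings.Count -eq 0) {
    "OK: no write-type ACEs for non-administrative principals on $dir"
} else {
    "REVIEW: $dir grants write-type access to:"
    $findings | Select-Object IdentityReference, FileSystemRights, IsInherited | Format-Table -AutoSize
}
```

A REVIEW result lists SIDs rather than names; entries such as S-1-5-32-545 (Users) or S-1-5-11 (Authenticated Users) correspond to the standard-user write access described above.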

Exploit

Fix

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2023-45253

Affected Products: Huddlycameraservice