PT-2023-29744 · Qumu · Qumu Multicast Extension V2
Published: 2023-10-19 · Updated: 2024-09-12 · CVE-2023-45883
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Qumu Multicast Extension v2 versions prior to 2.0.63
Description
A privilege escalation issue exists within the Qumu Multicast Extension v2 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.
Recommendations
For Qumu Multicast Extension v2 versions prior to 2.0.63, update to version 2.0.63 or later to resolve the issue. As a temporary workaround, consider restricting access to the software repair function to prevent standard users from triggering the vulnerability.
Weakness Enumeration
Improper Privilege Management
Affected Products
Qumu Multicast Extension V2