CVE-2023-0664

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QEMU Guest Agent (affected versions not specified)

Description A flaw was found in the QEMU Guest Agent service for Windows, allowing a local unprivileged user to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. This issue is related to insecure privilege management.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-250CWE-269

Related Identifiers

BDU:2024-08942

CVE-2023-0664

OESA-2023-1472

OESA-2023-1473

OESA-2023-1474

OESA-2023-1475

OESA-2023-1476

ROSA-SA-2025-2641

Affected Products

Qemu Guest Agent

CVE-2023-0664

Weakness Enumeration

Related Identifiers

Affected Products

References · 48