PT-2024-7987 · Mentor Graphics · Questa+1
Ycdxsb
·
Published
2024-10-08
·
Updated
2024-10-16
·
CVE-2024-47194
CVSS v3.1
7.3
High
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ModelSim versions prior to V2024.3
Questa versions prior to V2024.3
Description
A vulnerability has been identified in the
vish2.exe file of the affected applications, allowing a specific DLL file to be loaded from the current working directory. This could enable an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory. The issue is related to an uncontrolled search path element.Recommendations
For ModelSim versions prior to V2024.3, update to version V2024.3 or later to resolve the issue.
For Questa versions prior to V2024.3, update to version V2024.3 or later to resolve the issue.
As a temporary workaround, consider restricting the launch of
vish2.exe from user-writable directories to minimize the risk of exploitation.Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Modelsim
Questa