CVE-2022-50928

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BlueSoleilCS version 5.4.277

Description BlueSoleilCS version 5.4.277 has a security issue related to an unquoted service path in its Windows service configuration. This could allow local attackers to execute arbitrary code. The vulnerable path is located at 'C:Program FilesIVT CorporationBlueSoleilBlueSoleilCS.exe'. An attacker can exploit this by injecting malicious executables and potentially gaining elevated privileges.

Recommendations Update BlueSoleilCS to a version that addresses this unquoted service path issue. As a temporary workaround, restrict access to the 'C:Program FilesIVT CorporationBlueSoleilBlueSoleilCS.exe' file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428

Related Identifiers

CVE-2022-50928

Affected Products

Bluesoleilcs

CVE-2022-50928

Weakness Enumeration

Related Identifiers

Affected Products

References · 8