CVE-2023-54338

Name of the Vulnerable Software and Affected Versions Tftpd32 SE version 4.60

Description The software contains an unquoted service path issue that may allow local attackers to execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level permissions.

Recommendations Update to a newer version that addresses this issue. As a temporary workaround, consider modifying the service configuration to use quoted paths to prevent the execution of unauthorized code.