CVE-2023-27010

EPSS 0.12%
Published 13.03.2023 19:15:22
Last modified 03.03.2025 17:15:10
Source cve@mitre.org
Teams watchlist Login
Open Login

Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Wondershare ≫ Dr.Fone Version12.9.6 SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.316

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

https://cwe.mitre.org/data/definitions/250.html

Technical Description

https://packetstormsecurity.com/files/171301/Wondershare-Dr-Fone-12.9.6-Weak-Permissions-Privilege-Escalation.html

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2023-27010

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-27010

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-27010

EUVD