CVE-2023-27010

EPSS 0.12%
Veröffentlicht 13.03.2023 19:15:22
Zuletzt bearbeitet 03.03.2025 17:15:10
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wondershare ≫ Dr.Fone Version12.9.6 SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.316

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

https://cwe.mitre.org/data/definitions/250.html

Technical Description

https://packetstormsecurity.com/files/171301/Wondershare-Dr-Fone-12.9.6-Weak-Permissions-Privilege-Escalation.html

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2023-27010

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-27010

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-27010

EUVD