7.8
CVE-2023-3181
- EPSS 0.03%
- Veröffentlicht 25.01.2024 16:15:07
- Zuletzt bearbeitet 14.08.2025 14:52:30
- Quelle cve-coordination@google.com
- CVE-Watchlists
- Unerledigt
LoginThe C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Splashtop ≫ Mirroring360 Receiver Version < 2.4.0.1
Splashtop ≫ Mirroring360 Sender Version < 1.3.0.0
Splashtop ≫ Splashtop For Rmm Version < 3.5.8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.059 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cve-coordination@google.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-379 Creation of Temporary File in Directory with Insecure Permissions
The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.