7.8
CVE-2023-42126
- EPSS 0.4%
- Veröffentlicht 03.05.2024 03:15:52
- Zuletzt bearbeitet 18.08.2025 15:32:24
- Quelle zdi-disclosures@trendmicro.com
- CVE-Watchlists
- Unerledigt
G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability
G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the GDBackupSvc service. By creating a symbolic link, an attacker can abuse the service to create a file with a permissive DACL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20694.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gdata-software ≫ Total Security Version25.5.14.95
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.312 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| zdi-disclosures@trendmicro.com | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
https://www.zerodayinitiative.com/advisories/ZDI-23-1493/