CVE-2023-49114

Exploit

EPSS 0.06%
Veröffentlicht 26.02.2024 16:27:47
Zuletzt bearbeitet 25.04.2025 19:40:19
Quelle 551230f0-3615-47bd-b7cc-93e92e
CVE-Watchlists
Login
Unerledigt
Login

A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hexagon ≫ Qognify Vms Client Viewer Version >= 7.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.172

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

http://seclists.org/fulldisclosure/2024/Mar/10

Third Party Advisory

Exploit

Mailing List

https://r.sec-consult.com/qognify

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-49114

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49114

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49114

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-49114