9.1

CVE-2023-49312

Exploit

EPSS 0.08%
Veröffentlicht 26.11.2023 22:15:06
Zuletzt bearbeitet 21.11.2024 08:33:13
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Precisionbridge ≫ Precision Bridge Version < 7.3.21

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.244

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://precisionbridge.net/738vulnerability

Third Party Advisory

Exploit

https://processhacker.sourceforge.io/archive/website_v2/features.php

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2023-49312

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49312

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49312

EUVD