5.3

CVE-2023-7270

EPSS 0.05%
Veröffentlicht 27.06.2024 10:15:10
Zuletzt bearbeitet 21.11.2024 08:45:38
Quelle 551230f0-3615-47bd-b7cc-93e92e
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed.





The SoftMaker Office and FreeOffice MSI installer files were found to
 produce a visible conhost.exe window running as the SYSTEM user when 
using the repair function of msiexec.exe. This allows a local, 
low-privileged attacker to use a chain of actions, to open a fully 
functional cmd.exe with the privileges of the SYSTEM user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellersoftmaker

≫

Produkt softmaker_office

Default Statusunknown

Version 2024

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.168

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	1.8	3.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

http://seclists.org/fulldisclosure/2024/Jul/5

https://r.sec-consult.com/softmaker

https://softmaker.de/download/servicepacks

https://www.freeoffice.com/de/download/servicepacks

https://nvd.nist.gov/vuln/detail/CVE-2023-7270

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-7270

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-7270

EUVD