Unquoted Service Path Vulnerability in VX Search by ApexSQL
CVE-2023-24671

7.8HIGH

Key Information:

Vendor: Vxsearch
Status: Vx Search
Vendor: CVE Published:; 16 March 2023

What is CVE-2023-24671?

VX Search versions 13.8 and 14.7 contain an unquoted service path vulnerability that could potentially allow unauthorized attackers to execute arbitrary commands with elevated privileges. This flaw arises from the way service paths are defined within the application, permitting the introduction of malicious executable files that may be exploited for privilege escalation. Organizations using affected versions should prioritize applying the relevant patches and changing configurations to mitigate potential risks.

References

https://medium.com/%40SumitVerma101/windows-privilege-esc...

https://packetstormsecurity.com/files/171300/VX-Search-13...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2023
Vulnerability Reserved
Jan 30, 2023

CVE-2023-24671 Data

JSON

Vxsearch

What is CVE-2023-24671?

References

CVSS V3.1

Timeline