Registry Manipulation Vulnerability in NEC PC Settings Tool
CVE-2023-25011

7.8HIGH

Key Information:

Vendor: Nec Corporation
Status: Pc Settings Tool
Vendor: CVE Published:; 15 February 2023

🔔 Create Nec Corporation Vulnerability Alert

What is CVE-2023-25011?

The NEC PC Settings Tool versions 10.1.26.0 and earlier and 11.0.22.0 and earlier are susceptible to a vulnerability that enables an attacker to write to the registry with administrator privileges while operating under standard user privileges. This allows unauthorized modifications to critical system settings, potentially compromising system integrity and security. Users are advised to upgrade to the latest software versions to mitigate associated risks.

Affected Version(s)

PC settings tool PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier.

References

https://jpn.nec.com/security-info/secinfo/nv23-001_en.html

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2023
Vulnerability Reserved
Feb 1, 2023