DLL Hijacking Vulnerability in ZTE ZXCLOUD iRAI
CVE-2023-41782

4.8MEDIUM

Key Information:

Vendor: ZTE
Status: ZXCLOUD iRAI
Vendor: CVE Published:; 5 January 2024

What is CVE-2023-41782?

A DLL hijacking vulnerability has been identified in ZTE's ZXCLOUD iRAI, enabling attackers to potentially exploit system weaknesses by placing a malicious dynamic link library (DLL) file in designated directories. This flaw allows unauthorized execution of harmful code, which could compromise the integrity and security of affected systems. Organizations using ZTE ZXCLOUD iRAI should immediately review their security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

ZXCLOUD iRAI Windows All versions up to V7.01.04P1_1104

References

https://support.zte.com.cn/support/news/LoopholeInfoDetai...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 5, 2024
Vulnerability Reserved
Sep 1, 2023