Arc Temporary File Vulnerability Allows Root Privilege Execution
CVE-2023-5936
7.8 HIGH
Key Information:
- Vendor: Nozomi Networks
- Status
- Arc
- Vendor
- CVE Published: 15 May 2024
Summary
On Unix-based systems such as Linux and macOS, the Arc application uses a temporary file with unsafe privileges. A malicious local user can manipulate this temporary file, potentially leading to unauthorized execution of arbitrary code with root privileges. System administrators and users of Arc are urged to apply the necessary updates and monitor for suspicious activity.
Affected Version(s)
Arc Linux 0 < 1.6.0
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was found by Diego Giubertoni of Nozomi Networks Security Research team during an internal penetration testing session.