Arc Temporary File Vulnerability Allows Root Privilege Execution

CVE-2023-5936

7.8HIGH

Key Information

Vendor: Nozomi Networks
Status: Arc
Vendor: CVE Published:; 15 May 2024

Summary

On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.

Affected Version(s)

Arc < 1.6.0

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 15, 2024
Vulnerability Reserved.
Nov 2, 2023

Collectors

NVD DatabaseMitre Database

Credit

This issue was found by Diego Giubertoni of Nozomi Networks Security Research team during an internal penetration testing session.