Windows Configuration Files Vulnerable to Information Disclosure
CVE-2023-5937

3.8LOW

Key Information:

Vendor: Nozomi Networks
Status: Arc
Vendor: CVE Published:; 15 May 2024

🔔 Create Nozomi Networks Vulnerability Alert

What is CVE-2023-5937?

On Windows systems, the Arc configuration files resulted to be world-readable.

This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files.

Affected Version(s)

Arc Windows 0 < 1.6.0

References

https://security.nozominetworks.com/NN-2023:15-01

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Nov 2, 2023

Credit

This issue was found by Diego Giubertoni, Gabriele Quagliarella of Nozomi Networks Security Research team during an internal penetration testing session.