ModelSim Vulnerability Allows Arbitrary Code Injection and Privilege Escalation
CVE-2024-47195
7.3 HIGH
Summary
ModelSim and Questa are affected by a vulnerability in which gdb.exe is executed from a user-writable directory. An authenticated local attacker can use this to have a specially crafted executable file loaded, potentially leading to arbitrary code execution and privilege escalation when the application is launched by an administrative user or another process with elevated rights. The risk is significant in environments where user permissions are incorrectly set, since malicious users can then exploit the flaw and potentially gain unauthorized control over the system.
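The following audit script is an added example, not code from the advisory or the vendor: it lists access-control entries that let non-administrative principals write to any gdb.exe under an installation root, or to the directory that file runs from. The install path is a placeholder (the advisory gives none), and the trusted-SID list and the function name `Get-RiskyAce` are assumptions of this example.

```powershell
param(
    # Placeholder: the advisory does not give an install path; set this to the
    # local ModelSim/Questa installation root before running.
    [string]$InstallRoot = 'C:\PLACEHOLDER\ModelSimOrQuestaRoot'
)

# SIDs expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Specific rights that allow creating, replacing or re-permissioning files.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear unmapped in ACEs.
$genericWrite = 0x50000000
$inheritOnly  = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-RiskyAce {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries do not apply to the object itself.
        if ([int]$ace.PropagationFlags -band $inheritOnly) { continue }
        $rights = [int]$ace.FileSystemRights
        if (-not (($rights -band $writeBits) -or ($rights -band $genericWrite))) { continue }
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ($trustedSids -contains $sid) { continue }
        [pscustomobject]@{
            Path     = $Path
            Identity = $ace.IdentityReference.Value
            Rights   = $ace.FileSystemRights
        }
    }
}

# Check every gdb.exe under the root, plus the directory it is launched from.
Get-ChildItem -LiteralPath $InstallRoot -Recurse -Filter 'gdb.exe' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-RiskyAce -Path $_.FullName
        Get-RiskyAce -Path $_.DirectoryName
    } |
    Sort-Object Path, Identity -Unique |
    Format-Table -AutoSize
```

An empty result means no write-capable entry for an untrusted principal was found on those paths; any row returned identifies a permission that should be tightened.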
Affected Version(s)
ModelSim 0
Questa 0
CVSS V3.1
Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved