Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-33873

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-15 Nov, 2023 | 16:22
Updated At-21 Nov, 2024 | 20:10
Rejected At-
Credits

AVEVA Operations Control Logger Execution with Unnecessary Privileges

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:15 Nov, 2023 | 16:22
Updated At:21 Nov, 2024 | 20:10
Rejected At:
▼CVE Numbering Authority (CNA)
AVEVA Operations Control Logger Execution with Unnecessary Privileges

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.

Affected Products
Vendor
AVEVAAVEVA
Product
SystemPlatform
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 R2 SP1 P01 (custom)
Vendor
AVEVAAVEVA
Product
Historian
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 R2 SP1 P01 (custom)
Vendor
AVEVAAVEVA
Product
Application Server
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 R2 SP1 P01 (custom)
Vendor
AVEVAAVEVA
Product
InTouch
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 R2 SP1 P01 (custom)
Vendor
AVEVAAVEVA
Product
Enterprise Licensing (formerly known as License Manager)
Default Status
unaffected
Versions
Affected
  • From 0 through 3.7.002 (custom)
Vendor
AVEVAAVEVA
Product
Manufacturing Execution System (formerly known as Wonderware MES)
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 P01 (custom)
Vendor
AVEVAAVEVA
Product
Recipe Management
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 R2 Update 1 Patch 2 (custom)
Vendor
AVEVAAVEVA
Product
Batch Management
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 SP1 (custom)
Vendor
AVEVAAVEVA
Product
Edge (formerly known as Indusoft Web Studio)
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 R2 SP1 P01 (custom)
Vendor
AVEVAAVEVA
Product
Worktasks (formerly known as Workflow Management)
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 U2 (custom)
Vendor
AVEVAAVEVA
Product
Plant SCADA (formerly known as Citect)
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 R2 Update 15 (custom)
Vendor
AVEVAAVEVA
Product
Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 R1 (custom)
Vendor
AVEVAAVEVA
Product
Communication Drivers Pack
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 R2 SP1 (custom)
Vendor
AVEVAAVEVA
Product
Telemetry Server
Default Status
unaffected
Versions
Affected
  • From 0 through 2020 R2 SP1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-250CWE-250 Execution with Unnecessary Privileges
Type: CWE
CWE ID: CWE-250
Description: CWE-250 Execution with Unnecessary Privileges
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible. In addition to applying security updates, users should follow these general precautions: * Ensure that Guest or Anonymous local OS accounts are disabled. * Ensure that only trusted users are able to login on the nodes where the Operations Control Logger is running. Please see AVEVA Security Bulletin number AVEVA-2023-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/  for more information and for links for individual security updates and mitigations for each of the affected products. AVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to Alert 000038736. https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736

Configurations
Workarounds
Exploits
Credits
finder
Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01
N/A
https://www.aveva.com/en/support-and-success/cyber-security-updates/
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01
Resource: N/A
Hyperlink: https://www.aveva.com/en/support-and-success/cyber-security-updates/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01
x_transferred
https://www.aveva.com/en/support-and-success/cyber-security-updates/
x_transferred
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01
Resource:
x_transferred
Hyperlink: https://www.aveva.com/en/support-and-success/cyber-security-updates/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:15 Nov, 2023 | 17:15
Updated At:08 Dec, 2023 | 17:27

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
AVEVA
aveva
>>batch_management>>Versions before 2020(exclusive)
cpe:2.3:a:aveva:batch_management:*:*:*:*:*:*:*:*
AVEVA
aveva
>>batch_management>>2020
cpe:2.3:a:aveva:batch_management:2020:-:*:*:*:*:*:*
AVEVA
aveva
>>batch_management>>2020
cpe:2.3:a:aveva:batch_management:2020:sp1:*:*:*:*:*:*
AVEVA
aveva
>>communication_drivers>>Versions before 2020(exclusive)
cpe:2.3:a:aveva:communication_drivers:*:*:*:*:*:*:*:*
AVEVA
aveva
>>communication_drivers>>2020
cpe:2.3:a:aveva:communication_drivers:2020:-:*:*:*:*:*:*
AVEVA
aveva
>>communication_drivers>>2020
cpe:2.3:a:aveva:communication_drivers:2020:r2:*:*:*:*:*:*
AVEVA
aveva
>>communication_drivers>>2020
cpe:2.3:a:aveva:communication_drivers:2020:r2_p01:*:*:*:*:*:*
AVEVA
aveva
>>edge>>Versions up to 20.1.101(inclusive)
cpe:2.3:a:aveva:edge:*:*:*:*:*:*:*:*
AVEVA
aveva
>>enterprise_licensing>>Versions up to 3.7.002(inclusive)
cpe:2.3:a:aveva:enterprise_licensing:*:*:*:*:*:*:*:*
AVEVA
aveva
>>historian>>Versions before 2020(exclusive)
cpe:2.3:a:aveva:historian:*:*:*:*:*:*:*:*
AVEVA
aveva
>>historian>>2020
cpe:2.3:a:aveva:historian:2020:-:*:*:*:*:*:*
AVEVA
aveva
>>historian>>2020
cpe:2.3:a:aveva:historian:2020:r2:*:*:*:*:*:*
AVEVA
aveva
>>historian>>2020
cpe:2.3:a:aveva:historian:2020:r2_p01:*:*:*:*:*:*
AVEVA
aveva
>>intouch>>Versions before 2020(exclusive)
cpe:2.3:a:aveva:intouch:*:*:*:*:*:*:*:*
AVEVA
aveva
>>intouch>>2020
cpe:2.3:a:aveva:intouch:2020:-:*:*:*:*:*:*
AVEVA
aveva
>>intouch>>2020
cpe:2.3:a:aveva:intouch:2020:r2:*:*:*:*:*:*
AVEVA
aveva
>>intouch>>2020
cpe:2.3:a:aveva:intouch:2020:r2_p01:*:*:*:*:*:*
AVEVA
aveva
>>manufacturing_execution_system>>Versions before 2020(exclusive)
cpe:2.3:a:aveva:manufacturing_execution_system:*:*:*:*:*:*:*:*
AVEVA
aveva
>>manufacturing_execution_system>>2020
cpe:2.3:a:aveva:manufacturing_execution_system:2020:*:*:*:*:*:*:*
AVEVA
aveva
>>manufacturing_execution_system>>2020
cpe:2.3:a:aveva:manufacturing_execution_system:2020:p01:*:*:*:*:*:*
AVEVA
aveva
>>mobile_operator>>Versions before 2020(exclusive)
cpe:2.3:a:aveva:mobile_operator:*:*:*:*:*:*:*:*
AVEVA
aveva
>>mobile_operator>>2020
cpe:2.3:a:aveva:mobile_operator:2020:*:*:*:*:*:*:*
AVEVA
aveva
>>mobile_operator>>2020
cpe:2.3:a:aveva:mobile_operator:2020:-:*:*:*:*:*:*
AVEVA
aveva
>>mobile_operator>>2020
cpe:2.3:a:aveva:mobile_operator:2020:r1:*:*:*:*:*:*
AVEVA
aveva
>>plant_scada>>Versions before 2020(exclusive)
cpe:2.3:a:aveva:plant_scada:*:*:*:*:*:*:*:*
AVEVA
aveva
>>plant_scada>>2020
cpe:2.3:a:aveva:plant_scada:2020:-:*:*:*:*:*:*
AVEVA
aveva
>>plant_scada>>2020
cpe:2.3:a:aveva:plant_scada:2020:r2:*:*:*:*:*:*
AVEVA
aveva
>>recipe_management>>Versions before 2020(exclusive)
cpe:2.3:a:aveva:recipe_management:*:*:*:*:*:*:*:*
AVEVA
aveva
>>recipe_management>>2020
cpe:2.3:a:aveva:recipe_management:2020:-:*:*:*:*:*:*
AVEVA
aveva
>>recipe_management>>2020
cpe:2.3:a:aveva:recipe_management:2020:update_1_patch_2:*:*:*:*:*:*
AVEVA
aveva
>>system_platform>>Versions before 2020(exclusive)
cpe:2.3:a:aveva:system_platform:*:*:*:*:*:*:*:*
AVEVA
aveva
>>system_platform>>2020
cpe:2.3:a:aveva:system_platform:2020:-:*:*:*:*:*:*
AVEVA
aveva
>>system_platform>>2020
cpe:2.3:a:aveva:system_platform:2020:r2:*:*:*:*:*:*
AVEVA
aveva
>>system_platform>>2020
cpe:2.3:a:aveva:system_platform:2020:r2_p01:*:*:*:*:*:*
AVEVA
aveva
>>telemetry_server>>2020r2
cpe:2.3:a:aveva:telemetry_server:2020r2:-:*:*:*:*:*:*
AVEVA
aveva
>>telemetry_server>>2020r2
cpe:2.3:a:aveva:telemetry_server:2020r2:sp1:*:*:*:*:*:*
AVEVA
aveva
>>work_tasks>>Versions before 2020(exclusive)
cpe:2.3:a:aveva:work_tasks:*:*:*:*:*:*:*:*
AVEVA
aveva
>>work_tasks>>2020
cpe:2.3:a:aveva:work_tasks:2020:-:*:*:*:*:*:*
AVEVA
aveva
>>work_tasks>>2020
cpe:2.3:a:aveva:work_tasks:2020:update_1:*:*:*:*:*:*
AVEVA
aveva
>>work_tasks>>2020
cpe:2.3:a:aveva:work_tasks:2020:update_2:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-250Secondaryics-cert@hq.dhs.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-250
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.aveva.com/en/support-and-success/cyber-security-updates/ics-cert@hq.dhs.gov
Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
Hyperlink: https://www.aveva.com/en/support-and-success/cyber-security-updates/
Source: ics-cert@hq.dhs.gov
Resource:
Vendor Advisory
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

64Records found
CVE-2020-10056
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.62%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 18:10
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges.

Action-Not Available
Vendor-Siemens AG
Product-license_management_utilityLicense Management Utility (LMU)
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-0664
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.16%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.Microsoft CorporationFedora Project
Product-qemufedoraenterprise_linuxwindowsQEMU
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-39261
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-5.2||MEDIUM
EPSS-0.00% / 0.14%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 12:14
Updated-23 Oct, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2023-34118
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.52%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:01
Updated-22 Oct, 2024 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsZoom Rooms for Windows
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2023-30997
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.82%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 18:21
Updated-24 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Access Manager Docker privilege escalation

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managerSecurity Access Manager Docker
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-50590
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
ShareView Details
Matching Score-4
Assigner-SEC Consult Vulnerability Lab
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.39%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 11:45
Updated-08 Nov, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation via Weak Service Binary Permissions

Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as “NT AUTHORITY\SYSTEM”.  Path: C:\Elefant1\Firebird_2\bin\fbserver.exe Path: C:\Elefant1\Firebird_2\bin\fbguard.exe Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM".

Action-Not Available
Vendor-HASOMEDhasomed
Product-Elefantelefant
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-49804
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.00%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 16:55
Updated-29 Jan, 2025 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access Appliance privilege escalation

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2024-47978
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.04%
||
7 Day CHG~0.00%
Published-25 Dec, 2024 | 14:57
Updated-29 Jan, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-nativeedge_orchestratorNativeEdge
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2021-27448
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.27%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 19:35
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).

Action-Not Available
Vendor-gen/a
Product-mu320emu320e_firmwareMU320E
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-25653
Matching Score-4
Assigner-Avaya, Inc.
ShareView Details
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-8||HIGH
EPSS-0.10% / 27.46%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 08:55
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability

A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU.

Action-Not Available
Vendor-Avaya LLC
Product-aura_appliance_virtualization_platformAvaya Aura Appliance Virtualization Platform Utilities
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2021-1528
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 16:45
Updated-07 Nov, 2024 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_2000vedge_100_firmwarevedge_100mvedge_5000_firmwarevedge_1000_firmwarevedge_5000vsmart_controllervedge_100b_firmwarevedge_100wm_firmwarevedge_2000_firmwarevedge_1000vedge_100bcatalyst_sd-wan_managervedge_cloudsd-wan_vbond_orchestratorvedge_100m_firmwarevedge_100vedge_cloud_firmwarevedge_100wmCisco SD-WAN Solution
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2021-1118
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.42%
||
7 Day CHG~0.00%
Published-29 Oct, 2021 | 19:30
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpuNVIDIA Virtual GPU Software
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-0223
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.26%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 17:36
Updated-17 Sep, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: telnetd.real Local Privilege Escalation vulnerabilities in SUID binaries

A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue affects Juniper Networks Junos OS: all versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-32853
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.16% / 37.89%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 07:03
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-250
Execution with Unnecessary Privileges
  • Previous
  • 1
  • 2
  • Next
Details not found